Security News > 2022 > August > Don't be surprised if your organization suffers multiple cyberattacks

Security experts spent years warning enterprises to expect cyberattacks and to plan their defenses accordingly, now Sophos researchers are saying organizations shouldn't be surprised if they get attacked multiple times.

In a 23-page report [PDF] released this week, the researchers unwind the multiple factors that are fueling a rise in the number of entities hit by more than one attack.

"In recent months, we've noticed an uptick in the number of cases where organizations have been attacked multiple times," wrote Matt Wixey, principal technical editor and senior threat researcher at Sophos.

In most instances, the root causes of multiple attacks are the failure to address significant software or hardware vulnerabilities and, after an attack, not dealing with the misconfigurations left in place by earlier attacks.

John Gunn, CEO of authentication technology vendor Token, told The Register: "Victims of simultaneous attacks will be less likely to pay and may not be able to pay multiple attackers a full ransom. As such, you can expect IABs to charge a premium for first rights or exclusive rights for a target organization."

At the same time, organizations can be hit with multiple ransomware attacks because such threat groups often don't care if others are attacking the same enterprise.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/11/multiple_cyberattacks_sophos/