Businesses of all sizes are vulnerable to cyberattacks. However, large enterprises find themselves particularly vulnerable to sophisticated ransomware, nation-state, and insider attacks due to their complex and diverse organizational structures. And because these ‘big fish’ have annual revenue in the billions, they are a far more attractive target to hackers seeking financial gain or looking to cause widespread disruption. But despite having larger budgets and more resources on hand than SMBs, large enterprises’ cybersecurity maturity is well below average at 46%.
A vast attack surface
Put simply, large enterprises have a bigger surface area for malicious actors to exploit. Every day large businesses connect to the Internet with more devices than their smaller counterparts. And their bigger employee networks increase the risk of human error, which accounts for 22% of all cyber breaches. Plus, larger enterprises are connected to a wider network of partners from up and down the supply chain, putting their networks at a greater risk of supply chain incidents like the SolarWinds attack.
A larger attack surface makes it challenging for security teams to see, identify, and prevent threats quickly. Penetration tests found that 34% of system vulnerabilities in mid-sized businesses were high risk, while almost half (49%) were deemed high risk in large enterprises. Response times can also be lengthy, with data breaches going unnoticed within vast networks for months. The average company takes 197 days to detect a breach and 69 days to contain it — more than enough time for attacks to spread throughout the business.
While they may not feel the impact of the cyber skills gap as much as SMBs, large enterprises face other resource challenges. Most large-scale companies have the financial and human resources to employ security solutions but have misplaced confidence in their ability to use them effectively. Enterprises employ an average of 45 cybersecurity-related tools, yet research shows that while investment is increasing, effectiveness is decreasing. Enterprises with over 50 cyber tools even rated themselves less able to detect cyber threats than those with under 50, finding their response efforts hindered by the complexity of managing multiple, fragmented tools.
With so many hackers devising new advanced persistent threats, large enterprises’ cybersecurity solutions, and therefore their security staff, are being barraged by alerts. This can quickly overwhelm staff and lead to widespread alert fatigue; companies with 500-1,499 employees now ignore or don’t investigate 27% of all alerts. Alert fatigue sees organizations fall victim to cyberattacks that could have been remediated, not to mention the disconnect it causes between business leaders and security personnel.
In attacks like ransomware, the bigger the organization, the more ransom malicious actors will demand. In 2021, Russian ransomware-as-a-service gang REvil demanded $50 million from Apple supplier Quanta to release encrypted data. But after breaching Quanta and stealing future product designs, REvil pivoted and demanded that Apple pay the ransom. And even if a large organization refuses to pay a ransom, the disruption caused by recovering compromised systems leads to further revenue losses.
Additionally, when a large enterprise with a big stake in the supply chain has its operations disrupted, global supply and demand can be impacted. When JBS Foods and Colonial Pipeline were hit by separate ransomware attacks in 2021, entire supply chains felt the impact of widespread shortages and subsequent price hikes.
Why large enterprises need cyber threat intelligence
When dealing with millions of transactions and customers, large enterprises need a solution that detects emerging cyber threats in the most demanding network environments. Centripetal’s CleanINTERNET service is designed to serve some of the largest critical infrastructure providers and government agencies in the world. CleanINTERNET aggregates over 3,500 cyber threat feeds to shield against 99% of known threats. Our Zero Trust inspection of all inbound and outbound traffic dramatically reduces events, alerts, and log data within networks. And with our elite team of cyber threat analysts acting as an extension of your team, alert fatigue is also minimized. CleanINTERNET saves millions of dollars on multiple, disparate cyber threat feeds, uniting your threat detection into one flexible service that’s easy to deploy. With CleanINTERNET, large enterprises are afforded peace of mind that their customers, partner network, and reputation are protected from cyberattacks.