Some significant claims in this recent Sophos report. Less than a fifth of infections occurring on endpoints means renewed focus on server compromise.
Incident response on servers particularly with AV is very different and highly critical. It requires well practised IR and rigorous AV configuration.
The report reveals that IT managers discovered 37% of their most significant cyberattacks on their organization’s servers and 37% on its networks. Only 17% were discovered on endpoints and 10% were found on mobile devices.