Wednesday, 19th February 2020

Users are the biggest security concern

Despite concerns, organisations lack the budget (75 per cent) and training (80 per cent) to combat threats.

KnowBe4 has released the results of new research:What Keeps you Up at Night – The 2019 Report. The report looks at over 350 organisations globally and reveals the security weaknesses and concerns within organisations. On average, 81% of organisations had some degree of concern around security issues.

Cybercrime continues to evolve and become more sophisticated. AI and machine learning are leveraged by many criminal organisations to help them better understand how to improve their attacks and they are now targeting specific industry verticals, organisations and even individuals. Increases in the frequency of ransomware, phishing and crypto jacking attacks were experienced by businesses of nearly every size, vertical and locale.

When it came to attack vectors, data breaches were the primary concern, with credential compromise coming in as a close second. These two issues go hand-in-hand, as misuse of credentials remains the number one attack tactic in data breaches, according to Verizon’s 2018 Data Breach Investigations Report. Phishing and ransomware ranked next, demonstrating that organisations are still not completely prepared to defend themselves against these relatively “old” attack vectors.

Other key findings from the report include:

  • 92% of organisations rank usersas their primary security concern. And at the same time, security awareness training along with phishing testing topped the list of security initiatives that organisations need to implement.
  • Organisations today have a large number of attack vectors to prevent, monitor for, detect, alert and remediate; in terms of attacks,95 per cent of organisations are mostconcerned with data breaches.
  • Ensuring security is in place to meetGDPR requirements is still a challenge for64 per centof organisations, despite the regulation details being out for quite some time.
  • Attackers’ utilisation of compromised credentials is such a common tactic,93 per cent of organisations are aware of the problem, but still have lots of work to do to stop it.
  • When it comes to resources,75 per cent of organisations do not have an adequate budget.

“2018 was a prolific year for successful cyberattacks, and many of them were caused by human error,” said Stu Sjouwerman, CEO of KnowBe4. “IT organisations are tasked with establishing and maintaining a layered security defence. The largest concern, as demonstrated again in this report, is employees making errors. Organisations must start with establishing a security culture, and in order to combat the escalation of social engineering, they have to ensure users are trained and tested.”

Netskope has released the February 2020 Netskope Cloud and Threat Report, which analyses the most in...
BullGuard-commissioned research reveals small to medium businesses in the UK and US are at increased...
OpenText has issued the 2020 Webroot Threat Report, highlighting not only the agility and innovation...
BlackBerry Limited has released its annual 2020 Threat Report, which examines the latest adversarial...
Recorded Future has revealed its plans for a new approach to building an intelligence-led cybersecur...
New data from Extreme Networks reveals that IoT is barreling toward the enterprise, but organisation...
More than 8.4 million DDoS attacks targeting IT infrastructures, cloud, mobile networks, and IoT dev...
The Telco Security Alliance has announced new collaborative efforts designed to further enhance the...