Employees not fully prepared for cyberattacks

Egress has published the results of its Human Activated Risk report, which revealed that over half (56%) of IT leaders say that their non-technical staff are only ‘somewhat’ prepared, or ‘not at all’ prepared, for a security attack. Six hundred IT security leaders across a broad range of industries were anonymously surveyed regarding their organisations' security posture in this heightened threat environment. Add to this, 77% of respondents have seen an increase in security compromises since going remote 2 years ago, and there’s a continued significant risk to organisations.

  • 2 years ago Posted in

Human activated risk is introduced by human behaviours or actions, through coercion by bad actors, human error or malicious intent. Technology can malfunction or not work as it’s supposed to, but in many cases, the fault is with the person operating it. Whether through carelessness, malicious intent, or being tricked by a third party, humans can knowingly and unknowingly create massive amounts of risk that security teams need to manage. The top attacks associated with Human Activated Risk seen by IT Leaders include, in order of rank:

 

1.    Accidental data loss via human error

2.    Employee spear phishing

3.    Business email compromise

 

The research results show that the top attacks or risks employees fall victim to are the result of human-activated risks, such as accidental data loss, malicious data exfiltration or falling victim to a phishing attack. The research found that 39% of IT leaders rely on the native protections offered by Microsoft 365 and Google to defend from inbound phishing attacks. What was also revealed is that more than 39% of organisations have 6 or more security solutions in place today, an approach that appears to be bringing more software in to address the problem and hoping it gets better rather than looking at the root cause. 

 

Other significant research findings include:

·         30% of IT leaders polled either don't have or don't know if their organisation has a solution to detect accidental data loss from misdirected emails.

·         60% of respondents feel the active security solutions they have in place still presents them with a challenge.

·         Almost 30% of those polled (+/- 180 IT leaders) don't understand what human activated risk is.

 

“Organisations are facing a formidable threat landscape, and the threat of cyber-attacks looms large”, explains Jack Chapman, VP of Threat Intelligence at Egress, “Against this backdrop, it’s alarming that most IT leaders, those responsible for protecting an organization against these threats, feel that employees aren’t fully prepared to deal with cyber-attacks. Coupled with the finding that human activated risk is the leading driver of security incidents, it’s clear that many organizations are in a vulnerable position, exposed to a wide range of serious cybersecurity threats. Organisations must build up their defences against attackers, provide proper training programs and also take meaningful action to tackle risks that originate from within – beginning with their people. Now is the time for organizations to re-evaluate their security posture and ensure that they are in a strong position to protect themselves and their people.”

Research finds that the industry is struggling with a growing resource and skills gap while...
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
MSSPs identify regulatory compliance as additional factor as organisations seek to shift...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...
Gigamon and Exclusive Networks have expanded their existing distribution partnership, broadening...
Trustwave and Cybereason have announced a definitive merger agreement offering a comprehensive and...