Egress reports that 56% of IT leaders say their non-technical staff are partially prepared or not at all prepared for a security attack.
A survey of 600 hundred IT security leaders from several industries regarding organisations’ security posture in a worsening security environment was conducted. 77% of respondents have witnessed increased attacks in 2 years since employees have moved from office to work from home environment.
Human factors are caused by human behaviours or actions, via coercion by bad actors, human error or malicious intent. Technology can have issues or not work as it was designed to, but in several cases, the problem is with the person using the technology, and that might stem from carelessness, malicious intent, or being deceived by a third party; humans can knowingly or without knowledge can create trouble for security teams.
The research results show that the top attacks or risks employees fall victim to are the result of human-activated risks, such as accidental data loss, malicious data exfiltration or falling victim to a phishing attack.
Human-activated risks are a major reason for top attacks or employees falling into a trap of malicious attacks.
39% of IT leaders depend on the default protections that come with Microsoft or Google products to protect them from phishing attacks, the research pointed out. The report also reveals that 39% of organisations have six or more security solutions to address attacks.
Other significant findings
- 30% of IT leaders polled either don’t have or don’t know if their organization has a solution to detect accidental data loss from misdirected emails.
- 60% of respondents feel the active security solutions they have in place still presents them with a challenge.
- Almost 30% of those polled (+/- 180 IT leaders) don’t understand what human activated risk is.
“Organizations are facing a formidable threat landscape, and the threat of cyber-attacks looms large”, explains Jack Chapman, VP of Threat Intelligence at Egress, “Against this backdrop, it’s alarming that most IT leaders, those responsible for protecting an organization against these threats, feel that employees aren’t fully prepared to deal with cyber-attacks. Coupled with the finding that human activated risk is the leading driver of security incidents, it’s clear that many organizations are in a vulnerable position, exposed to a wide range of serious cybersecurity threats.
“Organizations must build up their defences against attackers, provide proper training programs and also take meaningful action to tackle risks that originate from within – beginning with their people. Now is the time for organizations to re-evaluate their security posture and ensure that they are in a strong position to protect themselves and their people.”