Number One Infosec Headache Is End Users




New survey by IT security company shows that 80 percent of IT pros point at end-users as the cause of their security problems.

 
Yes, unpatched workstations and server configuration problems are certainly ongoing issues for infosec pros, but untrained end-users are really what keeps them awake at night. It's a known problem that continually needs to be managed, and it was confirmed again by a new survey conducted by IT security firm Bromium, which shows that almost 80% of IT pros responsible for security point at end-users as their number one security headache. According to the survey, the most dangerous things end users do are clicking on suspicious or malicious links, opening suspicious or malicious attachments, and bypassing security controls in some way or another.
 

A recent Aberdeen Group study confirms this, showing that end-user security awareness training can reduce IT security risk up to 70 percent. In many cases, employees do risky things simply because they are not aware of what dangerous links or emails look like, or why certain security measures are in place. "Actions that are taken by individual end-users – the networks and devices we use, the files we send and receive, the apps we install and run, the links we click on, the emails we open – are behaviors that result in a high percentage of security infections," stated Derek Brink, analyst for Aberdeen Group.

Bromium had some more things to report though. "In addition to struggling to maintain control over their users, many information security professionals are struggling to maintain control over their current security systems," the Bromium survey showed.

IT security pros are overwhelmed by the sheer volume of attacks and by trying to manage endpoint security products with overlapping functionality. Almost fifty percent of IT pros observed that multiple redundant solutions introduce the highest cost and complexity into their networks. Last but not least, over 60 percent came clean on the worrisome fact that they can only investigate or respond to about half of their security alerts.

Ouch. Well, at least getting effective user education in place should be a good start. Stepping end-users through Kevin Mitnick security awareness training makes them aware of what things are dangerous to do on the Internet and significantly cuts down on risky behavior. Find out how affordable this is for your organization today.


Request A Quote: Security Awareness Training

New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one-and-done deal: continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your quote for KnowBe4's security awareness training and simulated phishing platform and find out how affordable this is!

Get A Quote Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/kmsat-security-awareness-training-quote


