Dark Readings annual Strategic Security Survey provides several details highlighting that organizations aren’t ready, and users aren’t helping.
Cyberattacks aren’t going anywhere; there’s just too much money to be made and too many organizations with said money. So, it stands to reason that organizations, knowing full-well at this point that external attacks are eminent, should be prepared.
However, according to new data from Dark Reading, 1 out of five organizations say they are more vulnerable to data breaches than they were a year ago. Part of the problem is put squarely on the attacker - 60% of orgs say they are more vulnerable because of increased threat sophistication. But, we can’t just blame the bad guy; the good guys need to be doing their part to stop attacks right? And, from the looks of the report data, it doesn’t appear that’s so.
Let’s start with the fact that Dark Reading found that phishing accounted for 48% of compromises. That’s compromises, not just attempted attacks. And with every phishing attack, the user is a required pawn – without them, the attack is just an email.
But, according to the report, users are at the top of the concern list:
- 44% of orgs say authorized users and employees pose the greatest threat to data security
- 61% of organizations believe negligent users will be the primary cause of a data breach in the next 12 months
It appears that the issue here is attackers are using more timely and contextual phishing scams that are working because users aren’t properly educated on what to look for.
Organizations desiring to stop these attacks dead in their tracks need to look to Security Awareness Training. Users who undergo this training learn about the methods used, how to safely interact with email and the web, and why it’s important to remain constantly vigilant.
With users as the principal reason why your organization may face a data breach, it’s crucial to begin educating them on how they can elevate the security stance of the organization, reducing the threat surface.