'Avoidable' cybersecurity incidents result of employee targeting

54% of organisations cite employees clicking on phishing links as the number-one avoidable cause.

  • Monday, 5th December 2022 Posted 2 years ago in by Phil Alsop

Tanium has released research that reveals attacks targeting employees are the main cause of avoidable cybersecurity incidents.

 

The study, “Cybersecurity: Prevention Is Better than the Cure,” uncovers the amount of time and resources organisations spend on reactive versus preventative cybersecurity measures and the rationale behind their decisions. The report surveyed UK-based IT decision makers across a variety of industries including public sector, financial services, healthcare, and retail. Findings show that 54% of respondents cited staff clicking on phishing links as the most common issue that can facilitate a successful cyberattack. The report also reveals cybersecurity problems that have been exacerbated by the shift to hybrid work, with 71% of business owners and partners finding it more difficult to defend against threats today than before the pandemic.

 

“It’s clear from our research that many organisations are struggling to protect against cyber threats in the hybrid work environment,” said Chris Vaughan, VP of technical account management for EMEA & South Asia at Tanium. “During the pandemic, organisations had to implement new technology overnight to ensure business continuity. The patchwork of solutions that was hastily put together left major security gaps. These gaps still exist and need to be fixed, which is one of the reasons IT decision makers are finding it more difficult to secure their environments.”

 

Key findings include:

 

·       Phishing and security misconfigurations are top concerns for IT leaders. Sixty-four percent of respondents from the public sector found avoidable security incidents caused by employees clicking on a phishing link. The second-highest avoidable incident, cited by 50% of respondents, is security misconfigurations, such as employees failing to password-protect sensitive data. This rate rises to 57% amongst organisations with 250-500 employees.

 

·       Organisations don’t have suitable technology in place to protect IT estates. The third most common avoidable incident is the lack of software in place to prevent cyberattacks, cited by 47% of respondents. In fact, some mainstream cybersecurity tools are not used by the surveyed organisations or have only been deployed recently. For example, only 19% use web vulnerability scanning, just 17% use penetration testing software, and a mere 11% have used packet sniffers for five years or more.

 

·       Areas where the next cybersecurity investments will be spent. Seventy-one percent of business owners and partners are finding it more difficult to defend against threats than before the pandemic. This has prompted them to make new investments in cybersecurity, with threat detection and endpoint security being the top two areas earmarked for increased spending. Almost half of respondents (49%) expect to invest more on threat detection next year; organisations that suffered a cyberattack or data breach in the last six months are also most likely to invest in this area (56%). Endpoint security is expected to be the second highest area of investment over the next 12 months, with 46% of organisations planning to increase spend. The third highest area of planned investment is in data recovery and backup tools, with 45% percent of all organisations set to increase their spend in these technologies, a number that rises to 58% for those that have experienced a cyberattack or data breach in the past six months. The fourth and fifth highest areas of potential investment are employee awareness training (43%) and new endpoint devices (42%), respectively.

 

“Organisations are struggling to get out in front of known and unknown vulnerabilities across an ever-increasing attack surface of endpoints, and the results of this survey bear this reality out,” said Jason English, principal analyst, Intellyx. “Understaffed and underequipped security teams want a more proactive cybersecurity approach, but they often don’t invest in countermeasures until an incident happens. The study found that 86% of organisations compromised by a breach in the last six months believe that more investment in preventative measures, such as staff training or tools that provide increased visibility of networks, would have minimised security incidents.”

 

Arlington Research conducted the survey across the UK with three hundred IT and security decision makers at organisations with 250 or more employees. Participants came from the public sector, banking and financial services, technology, manufacturing, retail, telecoms, healthcare, and education.

 

“The high number of respondents citing endpoint security as a priority future investment underscores the challenges that companies across the UK face,” continues Vaughan. “It’s difficult - if not impossible - to protect data and devices that organisations have no visibility of, so it’s not surprising to see them shift resources towards covering their blind spots. When making these investments, shifting from point tools to a platform solution can help reduce the cost and complexity in IT estates.”