CTOs consider human error to be their biggest cybersecurity threat

Ransomware and phishing were also highlighted as serious concerns by CTOs.

  • Monday, 4th March 2024 Posted 9 months ago in by Phil Alsop

Research from STX Next, a global leader in IT consulting, has found that six in ten (59%) CTOs believe human error to be the biggest cybersecurity threat facing their organisation. Human error, which can range from downloading a malware-infected attachment to failing to use a strong password, was found to be the more threatening than the potential of both ransomware (48%) and phishing (40%) attacks.

In response, CTOs are deploying a range of tactics in order to protect their teams and wider organisation, and are taking advantage of the many solutions on the market. 94% of companies said that they have now deployed multi-factor authentication (MFA), 91% are using identity access management technology (IAM), 58% are using security information and event management (SIEM) technology and 86% are using single sign-on (SSO) solutions.

The findings were taken from STX Next’s 2023 Global CTO Survey, which surveyed 500 global CTOs about the biggest challenges facing their organisation. Other key findings from the research included:

• A quarter (24%) of CTOs said that security was their biggest challenge across the organisation, the fourth most popular response.

• Despite the growing threat of attack, just less than half (49%) of companies surveyed said that they currently have a cyber insurance policy in place, while 59% of businesses have implemented a ransomware protection solution.

• In-house security teams are still in the minority: just 36% of companies have a dedicated team or department providing security services, whereas 53% of companies are using the services of external specialised companies for security.

Krzysztof Olejniczak, CISO at STX Next said: “The data from this year’s survey indicates that employees are still the weakest point of company security. Despite deployment of comprehensive technology, poor implementation, substandard support processes or lack of governance can render these efforts useless. In recent years, the frequency and severity of cyberattacks across all industries has risen extraordinarily, and employees are often carrying the burden of being an organisation’s first line of defence.

“While the threat of ransomware remains high, in many cases, cybercriminals aren’t in fact relying on incredibly advanced and sophisticated methods of attack, but on human error and social engineering techniques to gain access to an organisation’s systems. And this method of attack is still the most popular and successful. Human error can also include internal fraud, where employees intentionally do not follow procedures and expose critical information.

“In response, it’s crucial that management teams focus not only on educating staff to recognise and respond to new threats but also on periodically testing their resilience through simulated attacks or phishing and ransomware tests. Frequent testing also encourages good cyber hygiene practices and behaviours. On top of testing and education, solutions such as MFA, IAM and SSO are quickly becoming an industry standard for the modern business and can provide an additional line of defence to limit the risk of human error.

“It’s also inevitable that the smaller a company is in headcount or revenue, the less likely it is to have a dedicated security team. This is why more businesses are accessing the services of specialised cybersecurity solutions or providers in the form of vCISO services.

“Without putting protections in place, organisations place themselves at risk of being impacted by attacks, either directly or via their supply chain. Whether in-house or outsourced, CTOs and CISOs must take steps to support their teams and ensure that they are prepared and protected for the inevitability of attack.”

Beacon, NY, Dec 20, 2024– DocuWare unveils its AI-powered Intelligent Document Processing (DocuWare IDP), bringing about unprecedented improvements...
85% of IT decision makers surveyed reported progress in their companies’ 2024 AI strategy, with 47% saying they have already achieved positive ROI.

MSPs will invest in more AI security forecasting

Posted 1 week ago by Phil Alsop
Predictive maintenance and forecasting for security and failures will be a growing area for MSPs with an interest in security, says Nicole Reineke,...

Machine identities next big target for cyberattacks

Posted 1 week ago by Phil Alsop
Venafi has published the findings of its latest research report: The Impact of Machine Identities on the State of Cloud Native Security in 2024....
Nearly 50% of organisations have experienced a security breach in the last two years.

IT professionals recognise lack of gender diversity

Posted 1 week ago by Phil Alsop
The majority (87 percent) of IT professionals agree that there is a lack of gender diversity in the sector, yet less than half (41 percent) of...

A moving landscape for MSPs

Posted 2 weeks ago by Phil Alsop
2025 predictions from Ranjan Singh, chief product officer at Kaseya.

Data breach epidemic takes its toll

Posted 2 weeks ago by Phil Alsop
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t getting adequate time to relax.