The Biggest & Best Portal to the Professional Property, Workplace and Built Environment Community

Monday, 20 May

Most Organisations’ Biggest Security Concern Is Users

KnowBe4

What Keeps You Up at Night – The 2019 Report looks at over 350 global organisations' security concerns and reveals people are the biggest perceived weakness.

Cybercrime continues to evolve and become more sophisticated. AI and machine learning are leveraged by many criminal organisations to help them better understand how to improve their attacks and they are now targeting specific industry verticals, organisations and even individuals. Increases in the frequency of ransomware, phishing and crypto jacking attacks were experienced by businesses of nearly every size, vertical and locale.

When it came to attack vectors, data breaches were the primary concern, with credential compromise coming in as a close second. These two issues go hand-in-hand, as misuse of credentials remains the number one attack tactic in data breaches, according to Verizon’s 2018 Data Breach Investigations Report.

Phishing and ransomware ranked next, demonstrating that organisations are still not completely prepared to defend themselves against these relatively 'old' attack vectors.

 

Other key findings from the report include:

  • 92% of organisations rank users as their primary security concern. And at the same time, security awareness training along with phishing testing topped the list of security initiatives that organisations need to implement.

  • Organisations today have a large number of attack vectors to prevent, monitor for, detect, alert and remediate; in terms of attacks, 95 per cent of organisations are most concerned with data breaches.

  • Ensuring security is in place to meet GDPR requirements is still a challenge for 64 per cent of organisations, despite the regulation details being out for quite some time.

  • Attackers’ utilisation of compromised credentials is such a common tactic, 93 per cent of organisations are aware of the problem - but still have lots of work to do to stop it.

  • When it comes to resources, 75 per cent of organisations do not have an adequate budget.

 

The year of the cyber attack

“2018 was a prolific year for successful cyberattacks and many of them were caused by human error,” said Stu Sjouwerman, CEO of KnowBe4, the company that produces the What Keeps You Up at Night report. “The largest concern, as demonstrated again in this report, is employees making errors. Organisations must start with establishing a security culture. in order to combat the escalation of social engineering, they have to ensure users are trained and tested.”

 

Executives out, employees in

Phishing and social engineering scammers are shifting tactics, focusing efforts on low-level employees using a variety of methods as a means to cast a wider net within a targeted organisation, according to KnowBe4's Stu Sjouwerman, who says: "There are only so many executives in an organisation, right? So, it makes sense that cybercriminals want to reach the most people with the least amount of work.

According to Proofpoint’s latest Protecting People Report, that’s exactly what they’re doing. The bad guys are using some very specific tactics and targets to achieve their goals:

  • 30% of credential phishing attacks targeting generic company email addresses, such as sales@.

  • Individual contributors and lower level management ranked higher than executives as targets.

  • 80% of organisations were involved in attacks attempting to send email to 6 or more recipients.

  • 40% of organisations were intended recipients of 50 or more phishing email attacks.

"So," says Sjouwerman, "lots of emails being sent to lots of low level individuals - that’s a recipe for disaster. Without proper training, users will succumb to attacks that compromise their endpoint, their email and their credentials, giving attackers the tools needed to move laterally within the organisation, infect others with malware via corporate email and island hop to attack other companies."

Picture: KnowBe4 is the provider of the world’s largest security awareness training and simulated phishing platform.

Article written by Brian Shillibeer

Share



Related Articles

Malicious Intent Is Biggest Threat to Personal Data

A social media poll has found that sixty-five per cent of respondents believe that humans pose the biggest threat to their personal data rather than cyber...

 Read Full Article
Gangsters' Paradise Leads To Jail Terms For Business Phishing Scam

Gangsters who altered business emails to rip-off more than £1 million have gone to jail. Two members of the Nigerian organised crime group who committed the fraud...

 Read Full Article
Not Wiping Memory Risks GDPR Fines

Thousands of businesses are risking GDPR penalties for not wiping the memory from old IT equipment, it has been claimed. According to a survey carried out by...

 Read Full Article
GDPR - What A Scam

GDPR has gifted scammers with a new hook for sending phishing emails. Many internet users are now receiving emails from organisations that they have online dealings with,...

 Read Full Article
GDPR - No Confidence In Compliance. Mobile Workers Are Biggest Hazard

Most companies are not confident of being fully compliant ahead of the GDPR deadline with the biggest fear being the loss of data on laptops and other mobile...

 Read Full Article
Data Breaches & Financial Risk - 5 Reasons For Cyber Insurance

Despite the rising cost of data breaches, most organisations are unprepared to deal with the financial and reputational repercussions, writes Joe...

 Read Full Article
Consumer Grade Apps Are A Business Security Risk

32% of organisations use consumer grade Apps such as WhatsApp, SMS and Skype for business communications. Over two thirds use these Apps regularly every day and over a...

 Read Full Article
Is BYOD Creating A GDPR Risk For Your Business?

Does your Bring Your Own Device (BYOD) stance have the potential to create risks relating to data protection or breaches, as a result of staff using a single smartphone...

 Read Full Article
Denial Of Service Costs Escalate

A DNS Threat Report has revealed the cost per attack has increased by 57% to $715,000 for organisations globally. EfficientIP, a specialist in DNS security to ensure...

 Read Full Article
Raising The Bar – Consent Under The GDPR

Straight from the horse's mouth, Steve Wood, Deputy Information Commissioner, writes for ThisWeekinFM on the topic of 'consent', how to get it and what to do...

 Read Full Article