The State of Human Risk

Summary:
Mimecast recently conducted a study surveying 1,100 IT security professionals and decision-makers from the United States, United Kingdom, France, Germany, South Africa, and Australia to gain insights into their current cybersecurity challenges and priorities for the upcoming year. The survey revealed that human risk continues to be the most significant cybersecurity challenge globally. Mimecast found that the majority of security incidents are caused by human errors, such as insider threats and credential misuse, which often result in major data breaches. Additionally, 94% of organizations reported difficulties in ensuring that employees adhere to compliance standards and follow security protocols consistently. Despite the widespread use of AI in defending against cyberattacks and insider threats, with 95% of surveyed organizations employing AI solutions, 81% expressed concerns about the potential for sensitive data leaks through generative AI tools.

Security Officer Comments:
No matter how robust an organization’s security measures may be, a single lapse in employee vigilance can provide an opening for cybercriminals to infiltrate the network. Whether it's an employee inadvertently clicking on a malicious link in an email or misconfiguring a system, these seemingly small mistakes can grant attackers an initial foothold that could lead to significant breaches. While regular employee training, proper system/network configuration, and regular updates are crucial components in strengthening defenses, insider threats remain a significant concern to organizations. Insider threats can arise from employees, contractors, or anyone with access to internal systems, whether malicious or unintentional. Even with strict security protocols in place, human error or intentional malicious activity can bypass technical safeguards, underscoring the importance of a comprehensive cybersecurity strategy that includes both technological defenses and proactive efforts to foster a security-aware culture among employees.

Suggested Corrections:
Organizations should implement regular table-top exercises to ensure employees are well-versed in identifying and responding to potential threats. Regularly reinforcing the importance of strong password policies, credential management, and adherence to security protocols can help reduce the risk of insider threats and credential misuse. Additionally, adopting a layered security approach, which includes AI-driven defenses, data encryption, and strong access controls, can safeguard against potential breaches. Furthermore, conducting periodic audits and providing clear, accessible guidance on compliance and security standards will further strengthen an organization’s ability to manage the “human risk” factor.

Link(s):
https://www.mimecast.com/blog/the-state-of-human-risk/