Monday, September 16, 2024

Human Error is Biggest Cybersecurity Threat, CTOs Say

CTOs consider human error their biggest cybersecurity threat, says STX Next research, with ransomware and phishing also serious concerns.

According to research from IT consulting company STX Next, almost two-thirds (59%) of CTOs believe that human error is the biggest cybersecurity threat facing their organization today.

Human error, which can range from downloading a malware-infected attachment to failing to use a strong password, was found to be more threatening than the potential of both ransomware (48%) and phishing (40%) attacks. With the workforce representing organizations’ biggest attack surface, human error has previously been reported to account for as many as 95% of all cybersecurity breaches.

In response to these threats, CTOs are deploying various tactics to protect their teams and wider organizations, taking advantage of the many solutions on the market. Multi-factor authentication (MFA), which has taken off in recent years, has been adopted by 94% of companies; 91% are using identity access management (IAM) technology, 58% are using security information and event management (SIEM) technology, and 86% are using single sign-on (SSO) solutions.

Security is among the main challenges for CTOs

The findings were taken from STX Next’s 2023 Global CTO Survey, which surveyed 500 global CTOs about their organization’s biggest challenges.

Other key findings from the research included:

  • A quarter (24%) of CTOs said security was their biggest challenge across the organization, the fourth most popular response.
  • Despite the growing threat of attack, just less than half (49%) of companies surveyed said they currently have a cyber insurance policy. In comparison, 59% of businesses have implemented a ransomware protection solution.
  • In-house security teams are still in the minority: just 36% of companies have a dedicated team or department providing security services, whereas 53% of companies use external specialized companies’ services for security.

“The data from this year’s survey indicates that employees are still the weakest point of company security,” comments Krzysztof Olejniczak, CISO at STX Next. “Despite the deployment of comprehensive technology, poor implementation, substandard support processes, or lack of governance can render these efforts useless. In recent years, the frequency and severity of cyberattacks across all industries have risen extraordinarily, and employees often carry the burden of being an organization’s first line of defense.

“While the threat of ransomware remains high, in many cases, cybercriminals aren’t relying on incredibly advanced and sophisticated methods of attack, but on human error and social engineering techniques to access an organization’s systems. This method of attack is still the most popular and successful. Human error can also include internal fraud, where employees intentionally do not follow procedures and expose critical information.

“In response, it’s crucial that management teams focus not only on educating staff to recognize and respond to new threats but also on periodically testing their resilience through simulated attacks or phishing and ransomware tests. Frequent testing also encourages good cyber hygiene practices and behaviors. On top of testing and education, solutions such as MFA, IAM, and SSO are quickly becoming an industry standard for modern business. They can provide an additional line of defense to limit the risk of human error.

“Without putting protections in place, organizations risk being impacted by attacks, either directly or via their supply chain. Whether in-house or outsourced, CTOs and CISOs must take steps to support their teams and ensure that they are prepared and protected for the inevitability of attack.”
