Security keeps businesses awake at night

Security outfit KnowBe4 released the results of its “What Keeps You Up at Night – The 2019 Report” which looks at more than 350 organisations globally and reveals the security weaknesses and concerns within organisations. On average, 81 per cent of organisations had some degree of anxiety around security issues.

Most were worried about data breaches, with credential compromise coming in as a close second. These two issues go hand-in-hand, as misuse of credentials remains the number one attack tactic in data breaches, according to Verizon’s 2018 Data Breach Investigations Report. Phishing and ransomware ranked next, demonstrating that organisations are still not entirely prepared to defend themselves against these relatively “old” attack vectors.

The report found that 92 percent of organisations say users were their primary security concern. And at the same time, security awareness training along with phishing testing topped the list of security initiatives that organisations need to implement.

Organisations today have a large number of attack vectors to prevent, monitor for, detect, alert and remediate; in terms of attacks, 95 percent of organisations are most concerned with data breaches.

The report said that ensuring security is in place to meet GDPR requirements was still a challenge for 64 percent of organisations, despite the regulation details being out for quite some time.

Attackers’ use of compromised credentials is such a common tactic, 93 percent of organisations are aware of the problem, but still have lots of work to do to stop it.

More than  75 percent of organisations do not have an adequate budget.

KnowBe4 CEO Stu Sjouwerman said: “2018 was a prolific year for successful cyber attacks, and many of them were caused by human error. IT organisations are tasked with establishing and maintaining a layered security defence. The largest concern, as demonstrated again in this report, is employees making errors. Organisations must start with establishing a security culture, and to combat the escalation of social engineering, they have to ensure users are trained and tested.”