IT pros name malicious insiders and human error as the two top security threats at 30% and 25% each.
Ransomware and malware have been the biggest security headaches so far in 2019.
However, 2020 investment priorities don’t seem to reflect that concern. A recent survey suggests that organizations will be spending the most on cloud, data and network security. In the second Office of the Future survey, Canon USA shares these results from a survey of more than 1,000 U.S. IT professionals. ABI Research conducted the survey.
SEE: Phishing attacks: A guide for IT pros (free PDF) (TechRepublic)
Twenty-one percent of IT decision-makers named compromised devices as another big threat. Respondents listed data security, network security, and user authentication & ID management as the tools that can best counteract this threat.
On a positive note, 59% of respondents report that their organization has clear cybersecurity agenda and half say that their companies are aggressive in adopting new security technologies, particularly in the ecommerce, government, retail, utilities and automotive sectors.
Proofpoint’s 2019 Human Factor Report fleshes out the details of the human security risk to corporate networks. “Instead of attacking computer systems and infrastructure, threat actors focused on people, their roles within an organization, the data to which they had access, and their likelihood to ‘click here’,” the report stated. Also, it’s not the C-suite folks that hackers target. Hackers look for people with “easily discovered identities” that can be found on corporate websites, social media and other online sources. These “Very Attacked People” are much easier targets than CEOs and CIOs.
Instead of relying entirely on technology to protect internal networks from malware and ransomware attacks, IT pros should develop their own social engineering campaign to strengthen internal defenses. This will require working with human resources and the training group. Instead of seeing colleagues as likely prey for malicious actors, IT pros can help co-workers become better at spotting fraud and phishing attacks.