92% of Businesses Cite Insider Threats as Biggest Concern, Survey Shows

There’s no shortage of research in the cybersecurity sector. Players in this vertical relentlessly keep tabs on the trends, both positive and negative, to better understand cybercriminals’ mindset and deploy adequate defenses. One recent study reveals that businesses in all industries most fear their staff – both the negligent worker and the potentially nefarious employee.

Employees pose a huge risk to organizations handling sensitive data. Sometimes, all it takes is one phishing attack to compromise a company’s defenses, and negligent staff abound, as 92% of organizations agreed in a survey by security awareness training firm KnowBe4.

Over 350 organizations participated in this year’s report, representing key industries like finance, technology, healthcare, government, manufacturing, energy & utilities, education and transportation. Respondents included IT engineers, IT admins, IT managers and directors, and even the C-suite chimed in. On average, 81% of respondents were concerned to some degree about a security issue researchers raised, but the vast majority were on the same page as far as internal threats were concerned.

Negligence top concern for IT reps

Insider negligence is such a concern among respondents that 12% said it outright “keeps them up at night.” 24% described themselves as “very concerned” and 56% were “somewhat concerned.” Add the three and you get a 92% consensus that users are the primary concern, with “negligent insiders” listed as the single biggest threat to an organization. From the report:

“Because users interact with attack assets – such as emails, links, attachments, webpages, and more – they become both part of the attack and your defense strategy … The negligent user is the single largest concern to organizations within this report. This finding coincides with the top three open-ended concern answers we received – users, phishing, and email. These users are unaware of the dangers that lurk within email and on the web, putting organizations at risk.”

The findings are supported by a reported lack of security culture and training, as well as tight budgets allocated to cybersecurity.

“We found these concerns to be evenly distributed across organizations of all sizes and industry verticals, indicating every organization shares the same frustration with user risk,” researchers said.

Solid security strategy in order

Some of the survey’s findings helped paint a picture of the requirements to bolster cybersecurity posture. For example, 46% of respondents are “working” on security initiatives, but have no clear plan. 59% don’t have enough support from their higher-ups, and 75% lack the budget needed to strengthen their organization’s defenses. Finally, the largest concern reported by respondents was “negligent users.” Researchers advise their subjects to plan out a layered security strategy as the first step towards achieving resilience.

“You can put all the security solutions in place that you want, but if your users are still going to click every link that comes into their inbox, you’re still at risk,” reads another key paragraph from the report. “Implement security awareness training and user phishing testing to elevate your employees’ understanding of the need to incorporate security as part of their job function. This will make them a part of the defense and lower organizational risk.”

While this statement isn’t incorrect, things aren’t quite so black and white. Granted, security awareness programs are slowly but surely becoming the norm. But solutions already out there can significantly reduce insider threats by leveraging Artificial Intelligence and Machine Learning so that IT reps don’t lose sleep over every negligent employee’s actions. Network Traffic Analytics is a new category of security solutions designed to improve visibility into threat-related activity and reduce the dwell time of advanced attacks. Bitdefender Network Traffic Security Analytics (NTSA) seamlessly blends with existing security deployments and not only facilitates threat-hunting, but also assists compliance efforts.

*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Filip Truta. Read the original post at: