Human Error, Not Hackers, Top Cybersecurity Threat, Say CTOs
In response to this growing concern, CTOs are implementing various strategies to safeguard their teams and broader organizations.
Samiksha Jain
Last updated on March 15th, 2024
Share on LinkedInShare on Twitter
In today’s digital landscape, the threat of cyberattacks looms large, with organizations facing increasingly sophisticated threats. According to research conducted by STX Next, a global leader in IT consulting, human error emerges as the primary cybersecurity threat faced by organizations, surpassing the potential risks posed by ransomware and phishing attacks.
The survey, which polled 500 global Chief Technology Officers (CTOs), revealed that a staggering six in ten (59%) CTOs identified human error as the most significant cybersecurity risk within their organizations. Human error encompasses a range of actions, from inadvertently downloading malware-infected attachments to neglecting to use robust passwords.
Addressing Human Error: Strategies and Solutions
In response to this growing concern, CTOs are implementing various strategies to safeguard their teams and broader organizations.
The adoption of multi-factor authentication (MFA) stands out as a prevalent tactic, with 94% of companies surveyed having deployed MFA. Additionally, 91% are leveraging identity access management technology (IAM), 58% are utilizing security information and event management (SIEM) technology, and 86% have implemented single sign-on (SSO) solutions.
Identifying Vulnerabilities: Challenges and Opportunities
Despite these proactive measures, the survey also uncovered areas of vulnerability. A quarter (24%) of CTOs cited security as their primary organizational challenge, yet only 49% of companies reported having a cyber insurance policy in place. Furthermore, while 59% of businesses have implemented ransomware protection solutions, in-house security teams remain a minority, with just 36% of companies having a dedicated security team or department.
Krzysztof Olejniczak, Chief Information Security Officer (CISO) at STX Next, emphasized the critical role of employee awareness and preparedness in mitigating cyber risks.
“The data from this year’s survey indicates that employees are still the weakest point of company security. Despite the deployment of comprehensive technology, poor implementation, substandard support processes or lack of governance can render these efforts useless. In recent years, the frequency and severity of cyberattacks across all industries have risen extraordinarily, and employees are often carrying the burden of being an organization’s first line of defence,” said Olejniczak.
Olejniczak stressed the necessity of not only educating employees on identifying and responding to threats but also regularly assessing their resilience through simulated attacks and training exercises. Additionally, he advocated for the adoption of solutions such as MFA, IAM, and SSO as standard practices to bolster defenses against human error.
Furthermore, Olejniczak highlighted the disparity in cybersecurity resources among organizations, particularly smaller firms with limited resources. To address this gap, he suggested leveraging specialized cybersecurity solutions or providers, including virtual Chief Information Security Officer (vCISO) services.
In conclusion, as cyber threats continue to evolve, organizations must prioritize cybersecurity preparedness and resilience. Whether through in-house initiatives or outsourced solutions, CTOs and CISOs play a pivotal role in supporting their teams and fortifying defenses against the inevitability of cyberattacks.
By addressing the human factor and implementing comprehensive security measures, organizations can better protect themselves and their stakeholders from potential harm.