Careless employees are the main root cause of data loss in organizations. According to the cybersecurity and compliance company Proofpoint, almost three-quarters (74 percent) of CISOs believe human error is their biggest cyber vulnerability. This is up from 60 percent in 2023 and 56 percent in 2022. Even more (80 percent) believe human risk and employee negligence will be the key cybersecurity concerns for the next two years.
“Our research shows that CISOs generally believe their people are aware of their critical role in defending the business from cyber threats. That CISOs still see their people as the primary risk factor suggests a disconnect between employees’ understanding of cyber threats and their ability to keep them at bay,” says Proofpoint.
Almost half of organizations unprepared for a targeted attack
Proofpoint’s 2024 Data Loss Landscape report, based on a worldwide survey of chief information security officers (CISOs), also finds that over two-thirds (70 percent) believe their businesses are at risk from a cyberattack over the next 12 months, up from 68 percent in 2023 and 48 percent in 2022. However, almost half of the CISOs surveyed (43 percent) believe they are insufficiently prepared for a targeted cyberattack. Although this is down from 61 percent in 2023 and 50 percent in 2022, the figure still points to widespread unchecked vulnerabilities.
Ransomware attacks cited as top threat for next year
Ransomware attacks were cited as the top threat to their business over the next 12 months by 41 percent of CISOs. This should be of immediate concern to organizations in all sectors, as successful ransomware attacks are generally the direct result of employee fallibility. Attacks conducted by organized ransomware groups generally begin with sophisticated social engineering, in the form of close monitoring of the target employee’s personal and professional online activities. This enables the attackers to craft a convincing email, usually appearing to come from a trusted colleague or friend, that encourages the targeted member of staff to open an innocent-looking link delivering the malware needed to initiate a successful ransomware attack. Added to this is the risk of disgruntled or dishonest employees facilitating an attack for financial gain.
The report does, however, have a silver lining in that CISOs are now gaining increased recognition at the board level. Many CISOs are now influencing business strategy, problem-solving, and crisis management, with 84 percent of those surveyed saying that they are now seeing “eye-to-eye” with their boards. This is a significant rise from the 62 percent who said this in 2023.