As many CIOs know, cyber security incidents are one of an organisation's most significant threats. Unfortunately, these incidents have become increasingly costly and complex as technology advances rapidly.\n\nA UK study has revealed that employee-targeted attacks are the leading cause of avoidable cybersecurity incidents. The report by Tanium delves deep into the modern security landscape, uncovering how organisations allocate resources between preventative and reactive cybersecurity strategies.\n\nIt also explores their reasons for deciding which path to pursue \u2013 a critical insight into understanding today's IT defence environment and where the next cybersecurity investments should be made.\n\nPhishing and security misconfigurations \n\nPhishing and security misconfigurations are two of the most common areas that cybercriminals use to gain access to corporate networks and sensitive data.\n\nThe research found that a startling 64% of avoidable cyber incidents could be attributed to human error \u2013 namely, employees clicking on malicious links in phishing emails. Incidents such as these can have a dramatic and destructive effect on an organisation, not just its operations but also the people involved.\n\nThe report also revealed that 50% of respondents pointed to security misconfigurations as the second-most prevalent potential risk. Security misconfigurations, such as lack of proper password protection, can lead to confidential data can be easily exposed and put at considerable risk \u2013 making it essential for companies to have robust safety protocols.\n\nBoth attacks can have severe repercussions if successful and result in the loss or leakage of confidential information. Therefore, preventative solutions, alongside regular education and training, are essential for businesses looking to protect their digital assets from intrusions.\n\nSuitable Security Tools to protect IT estates\n\nHaving the right security tools are essential to providing an effective layer of security for IT estates. \n\nSolutions like firewalls, antivirus software and two-factor authentication can protect against hackers and malicious software, while encryption can help secure data from unauthorised access. Additionally, continual monitoring using intrusion detection systems can detect any suspicious activity on the network and alert administrators. \n\nDespite being widely utilised cybersecurity tools, the research revealed many organisations are yet to embrace web vulnerability scanning (only 19% use them), penetration testing software (17%), and packet sniffers for five years or more (11%). \n\nThis surprising trend suggests a potential sector gap in cyber security preparedness. With the right technology, organisations can ensure their IT estate remains safe and secure.\n\nAreas where the next cybersecurity investments will be spent\n\nCybersecurity investments are rapidly evolving to meet the growing complexities of hybrid business models, cloud security and AI\/ML technologies. Now more than ever is a critical time for organisations to invest in advanced solutions that can cater to these potential threats posed by data breaches.\n\nThe report shows companies are planning to bolster their defences against threats next year, with 49% of respondents expecting an increase in investment for threat detection. Endpoint security is anticipated to be the second most significant growth area at 46%, while data recovery and backup capabilities are just a little behind (45%).\n\nBy creating an adaptive and layered approach to cybersecurity, organisations can ensure they remain secure in the face of any attack.\n\nOverall, this study shows how important it is for organisations to take adequate measures to protect their data from external threats. By educating their people about cyber risks and implementing appropriate technical solutions, businesses can better protect themselves from costly data breaches \u2013 not only financially but also reputationally \u2013 for years to come.\n\nFor more information, read Tanium\u2019s report Cybersecurity: prevention is better than cure.