Attacks targeting employees are the main cause of avoidable breaches

As many CIOs know, cyber security incidents are one of an organisation’s most significant threats. Unfortunately, these incidents have become increasingly costly and complex as technology advances rapidly.

A UK study has revealed that employee-targeted attacks are the leading cause of avoidable cybersecurity incidents. The report by Tanium delves deep into the modern security landscape, uncovering how organisations allocate resources between preventative and reactive cybersecurity strategies.

It also explores their reasons for deciding which path to pursue – a critical insight into understanding today’s IT defence environment and where the next cybersecurity investments should be made.

Phishing and security misconfigurations 

Phishing and security misconfigurations are two of the most common areas that cybercriminals use to gain access to corporate networks and sensitive data.

The research found that a startling 64% of avoidable cyber incidents could be attributed to human error – namely, employees clicking on malicious links in phishing emails. Incidents such as these can have a dramatic and destructive effect on an organisation, not just its operations but also the people involved.

The report also revealed that 50% of respondents pointed to security misconfigurations as the second-most prevalent potential risk. Security misconfigurations, such as lack of proper password protection, can lead to confidential data can be easily exposed and put at considerable risk – making it essential for companies to have robust safety protocols.

Both attacks can have severe repercussions if successful and result in the loss or leakage of confidential information. Therefore, preventative solutions, alongside regular education and training, are essential for businesses looking to protect their digital assets from intrusions.

Suitable Security Tools to protect IT estates

Having the right security tools are essential to providing an effective layer of security for IT estates. 

Solutions like firewalls, antivirus software and two-factor authentication can protect against hackers and malicious software, while encryption can help secure data from unauthorised access. Additionally, continual monitoring using intrusion detection systems can detect any suspicious activity on the network and alert administrators. 

Despite being widely utilised cybersecurity tools, the research revealed many organisations are yet to embrace web vulnerability scanning (only 19% use them), penetration testing software (17%), and packet sniffers for five years or more (11%). 

This surprising trend suggests a potential sector gap in cyber security preparedness. With the right technology, organisations can ensure their IT estate remains safe and secure.

Areas where the next cybersecurity investments will be spent

Cybersecurity investments are rapidly evolving to meet the growing complexities of hybrid business models, cloud security and AI/ML technologies. Now more than ever is a critical time for organisations to invest in advanced solutions that can cater to these potential threats posed by data breaches.

The report shows companies are planning to bolster their defences against threats next year, with 49% of respondents expecting an increase in investment for threat detection. Endpoint security is anticipated to be the second most significant growth area at 46%, while data recovery and backup capabilities are just a little behind (45%).

By creating an adaptive and layered approach to cybersecurity, organisations can ensure they remain secure in the face of any attack.

Overall, this study shows how important it is for organisations to take adequate measures to protect their data from external threats. By educating their people about cyber risks and implementing appropriate technical solutions, businesses can better protect themselves from costly data breaches – not only financially but also reputationally – for years to come.

For more information, read Tanium’s report Cybersecurity: prevention is better than cure.