59% of CTOs still see human error as the main security threat to their business, alongside other prominent concerns such as ransomware (49%) and phishing (36%), research from STX Next reveals.
Despite this recognition of risk, the findings suggest that more needs to be done to properly safeguard companies against dangers, with only 26% having a dedicated cybersecurity team in place and only 50% outsourcing cyber responsibilities.
What CTOs around the world think
The research surveyed 500 global CTOs about the biggest challenges facing their organization. Other key findings from the research included:
- Multifactor authentication (MFA) adoption is strong, with 88% of organizations employing it in some way
- However, 47% have not implemented ransomware protection, despite ransomware's ever-increasing popularity among cybercriminals
- 58% are not using security information and event management (SIEM), and 41% have not employed privileged access management (PAM)
- Conversely, 92% have implemented disaster recovery (DR) capabilities such as automated backups
Maciej Dziergwa, CEO at STX Next, said: “Our survey shows that, despite the inexorable rise of ransomware in the last couple of years, the biggest security concern in the minds of CTOs remains the potential impact of human error. This is understandable given that in order to be successful, many types of cyberattack rely on someone inadvertently clicking a link or downloading a file.
“Where things really get interesting, however, is when we see what businesses are doing to protect themselves against these threats. Companies that employ their own dedicated cyber team are still in the minority, and while outsourcing is preferred, this isn’t a common policy at the majority of organizations either.
“It’s a similar situation when looking at certain key protective tools that haven’t yet been implemented on a large scale, such as ransomware protection. The established presence of measures such as multi-factor authentication provides some cause for optimism though, so it will be interesting to see if the other security features follow a similar trajectory in the near future.”
The importance of applying disaster recovery
Dziergwa believes that to further shore up security capabilities, businesses should look closely at how disaster recovery processes have been successfully implemented, and aim to replicate these approaches for cyber.
He added: “The strong presence of disaster recovery planning shows that organizations are doing well when it comes to the more all-encompassing, overarching responsibilities that ensure the business is resilient in the face of unexpected disruption. The next step is for leaders to apply this approach to the more granular elements of cybersecurity, including anti-ransomware tools.”
He concluded: “After all, security features are designed in many cases to reduce the potential for human error to cause major cyber incidents. By investing more heavily in these areas, CTOs will have less need to worry about any risky behaviour by their staff in future.”