Human activated risk still a pain point for organizations

Egress announced the results of a report, which revealed that 56% of IT leaders say that their non-technical staff are only ‘somewhat’ prepared, or ‘not at all’ prepared, for a security attack.

Six hundred IT security leaders across a broad range of industries were anonymously surveyed regarding their organizations’ security posture in this heightened threat environment. Add to this, 77% of respondents have seen an increase in security compromises since going remote 2 years ago, and there’s a continued significant risk to organizations.

Human activated risk is introduced by human behaviours or actions, through coercion by bad actors, human error or malicious intent. Technology can malfunction or not work as it’s supposed to, but in many cases, the fault is with the person operating it. Whether through carelessness, malicious intent, or being tricked by a third party, humans can knowingly and unknowingly create massive amounts of risk that security teams need to manage.

The top attacks associated with human activated risk

• Accidental data loss via human error
• Employee spear phishing
• Business email compromise

The research results show that the top attacks or risks employees fall victim to are the result of human-activated risks, such as accidental data loss, malicious data exfiltration or falling victim to a phishing attack.

The research found that 39% of IT leaders rely on the native protections offered by Microsoft 365 and Google to defend from inbound phishing attacks. What was also revealed is that more than 39% of organizations have 6 or more security solutions in place today, an approach that appears to be bringing more software in to address the problem and hoping it gets better rather than looking at the root cause.

Other significant findings

• 30% of IT leaders polled either don’t have or don’t know if their organization has a solution to detect accidental data loss from misdirected emails.
• 60% of respondents feel the active security solutions they have in place still presents them with a challenge.
• Almost 30% of those polled (+/- 180 IT leaders) don’t understand what human activated risk is.

“Organizations are facing a formidable threat landscape, and the threat of cyber-attacks looms large”, explains Jack Chapman, VP of Threat Intelligence at Egress, “Against this backdrop, it’s alarming that most IT leaders, those responsible for protecting an organization against these threats, feel that employees aren’t fully prepared to deal with cyber-attacks. Coupled with the finding that human activated risk is the leading driver of security incidents, it’s clear that many organizations are in a vulnerable position, exposed to a wide range of serious cybersecurity threats.

“Organizations must build up their defences against attackers, provide proper training programs and also take meaningful action to tackle risks that originate from within – beginning with their people. Now is the time for organizations to re-evaluate their security posture and ensure that they are in a strong position to protect themselves and their people.”