With the majority of business owners finding it more difficult to defend against cyber-threats compared to the pre-pandemic period, hybrid workers have once again been blamed for cybersecurity headaches.
A new survey from endpoint management provider Tanium found that employees are the “main cause” of avoidable security incidents.
More precisely - employees clicking on links and attachments sent in phishing emails.
Avoidable incidents
According to Tanium, more than half (54%) of the respondents have had their staff interact with malicious content sent via email, making it the most common facilitator of cyberattacks. In public sector organizations, 64% found avoidable security incidents caused this way. What’s more, 71% of business owners claim it’s more difficult to defend against threats, with the introduction of hybrid workers (following the pandemic).
The second-highest avoidable incident (50%) is security misconfiguration, including things like poor password hygiene, or employees outright failing to protect sensitive data with any form of credentials.
Tanium also says that things would be a lot better if these firms had the right assets. The third most common avoidable incident is the lack of cybersecurity software that can prevent cyberattacks (47%). In fact, some companies fail to use even the most mainstream cybersecurity tools, it added. For example, only 19% use web vulnerability scanning, 17% use penetration testing software, and 11% have used packet sniffers for at least five years.
Going forward, most organizations will look to defend themselves by investing in threat detection and endpoint security a bit more. Almost half (49%) will focus on threat detection next year, while just slightly less (46%) will focus on endpoint security. Finally, the third-highest area of planned investment is in data recovery and backup tools (45%).
- Here's our rundown of the best ID theft protection tools at the moment