A new report published by KnowBe4 delves into the top security challenges and issues that IT professionals and UK-based organizations face, including attack types, security initiatives and organizational limits.
This year’s edition of ‘What Keeps You Up At Night’ surveyed around 200 organizations from the top 12 UK industry verticals, such as manufacturing, technology, retail and transportation, analyzing in-depth how organizations secure their infrastructure against the cyber threats of today.
So what are the top issues that keep security teams from having a good nights’ sleep? According to the report, concerns over cyber-attacks have increased an average 125%, and untrained or malicious users were ranked the top reason UK organizations are “up at night.”
Insider threats and credential compromise were the second- and third-biggest concerns, while 68% of corporate security teams worried about the massive number of attack vectors that take advantage of the remote workforce.
Negligent users were the second “up at night” concern. The struggle of maintaining good cyber hygiene and proper user interaction when it comes to company infrastructures showed a 260% spike in data breach concerns for organizations.
“Malicious insiders are responsible for 23% of insider incidents, so it’s no surprise we see this as a close second place concern,” the researchers said. “We also see users sharing passwords is not far behind in overall concern, but achieves nearly the same level of ’up at night‘ concern as the negligent user.”
The findings are not surprising though, since only 43% of UK organizations said they have a well-established security culture, where employees share the responsibility of protecting company assets from malicious attacks and data theft. 28% of respondents said employees adopted good cyber hygiene while focusing on their work, while 27% admitted that good cybersecurity behavior is not generally adopted by workers.
When it comes to attack types, 54% of organizations believe unmanaged devices and applications are the primary issue. Ransomware, phishing and credential compromise were named the most pressing attack vectors.
“Credential compromise remains the top attack type keeping UK organizations up at night as cyber criminals go on the offensive,” the report said. “They are taking advantage of a pandemic-based remote workforce leveraging cloud applications that are seen as easy prey, needing only a basic phishing scam to trick users into giving up cloud credentials.”