Enterprises Worry End Users Will Be the Cause of Next Major Breach

The sheer volume of data breaches and cyberattacks means these incidents are now more visible than ever. Long gone are the days when affected organizations would wait until late Friday afternoon to disclose incidents in hopes of burying the news. The heightened focus is driving security professionals to rethink their enterprise security strategies and investments in tools and services.

Despite deploying a wide range of security tools to address cyber threats against their organizations, the IT and security decision-makers who responded to Dark Reading's Strategic Security Survey don't seem confident in their organizations' ability to withstand attacks. Granted, a high percentage believe that the processes they have implemented, such as multifactor authentication, malware analysis capabilities, and end user security awareness training programs, are effective. Sixty-three percent are also confident in their ability to respond effectively to a ransomware attack.

However, 55% say their organizations are more vulnerable to data breaches than a year ago because attackers have more ways to target and break into their networks. In addition, 58% say their organizations are more concerned about ransomware than they were a year ago. And the future doesn't look any more optimistic, with 78% who say adversaries will target cloud service providers more in the coming year.

Twenty-five percent of respondents expect that if a major breach were to occur at their organizations in the next 12 months, an automated malware tool will likely be the primary cause for it.

But from a future breach standpoint, end users remain the biggest concern. More than a third (38%) believe the primary cause of their organizations' next major data breach in the coming year will be a negligent end user or an end user who breaks security policy. Almost a quarter (24%) expect it will be some kind of super elusive social engineering scam, and 15% worry about their organizations' heavy reliance on remote systems and homeworkers. What's more, 10% feel end user security awareness programs are ineffective.

Policy enforcement and the complexity associated with managing a security strategy remain big challenges. A slew of issues appears to be hampering businesses' ability to harness the full benefits of these processes and technologies. Security policy enforcement is one example. Thirty-one percent of organizations — or about the same as last year's 30% — struggled to enforce security policies at their organizations, and an identical proportion were hard-pressed to manage the complexity associated with modern security threats.

Read more for insights, read Dark Reading's Strategic Security Survey.