Human Error - The Weakest Point In Cyber Security 

"Give me a lever long enough and a fulcrum on which to place it, and I shall move the world," declared Archimedes, the ancient Greek mathematician.  Fast forward to the digital age, and it appears that cyber attackers have taken this concept to heart, with the fulcrum being the human factor in cybersecurity. 

However, with rising concern over cyber threats, Chief Information Security Officers (CISOs) are showing increased confidence in their ability to counter these risks, a notable shift in the cyber security landscape, according to Proofpoint.

Their 2024 Voice of the CISO Report examines global third-party survey responses from 1,600 CISOs from organisations of 1,000 employees or more across different industries.  

CISOs’ Confidence is Growing 

According to the research, 70% of surveyed CISOs feel at risk of a material cyber attack over the next 12 months, compared to 68% the year before, and 48% in 2022. As a consequence, CISOs today clearly remain on high alert, but confidence amongst them is growing: just 43% feel unprepared to cope with a targeted cyber attack, showing a marked decrease over last year’s 61% and 50% in 2022.  

Human error continues to be perceived as the Achilles' heel of cyber security, with 74% of CISOs identifying it as their most significant vulnerability.

However, there’s growing optimism in the role of AI-powered solutions to mitigate human-centric risks, reflecting a strategic turn towards technology-driven defenses. “While the cyber security landscape continues to evolve with increasing human-centric threats, the 2024 Voice of the CISO report highlights what appears to be a vital shift towards greater resilience, preparedness and confidence amongst global CISOs,” said Patrick Joyce, global resident CISO at Proofpoint.  

“This year’s findings underscore a collective move towards strategic defenses, including enhanced education, technological adoption, and an adaptive approach to emerging threats like generative AI,” Joyce commented.

CISOs Concerned About AI Security Threats 

This year, we are seeing an increase in the number of CISOs who view human error as their organisation’s biggest cyber vulnerability, 74% in this year’s survey vs. 60% in 2023.  However, 86% of CISOs believe that employees understand their role in protecting the organisation.  

This confidence is higher than in previous years (61% in 2023 and 60% in 2022). It may be attributed to the 87% of CISOs surveyed who are looking to deploy AI-powered capabilities to help protect against human error and advanced human-centred cyber threats.

In 2024, 70% of CISOs surveyed feel at risk of experiencing a material cyber attack in the next 12 months, compared to 68% in 2023 and 48% in 2022.  However, just 43% feel their organisation is unprepared to cope with a targeted cyber attack, compared to 61% in 2023 and 50% in 2022.  

  • 54% of CISOs surveyed believe that Generative AI poses a security risk to their organisation. The top three systems CISOs view as introducing risk to their organisations are: ChatGPT/other GenAI (44%), Slack/Teams/Zoom/other collaboration tools (39%) and Microsoft 365 (38%).  
  • 46% of security leaders reported having to deal with a material loss of sensitive data in the past 12 months, and of those, 73% agreed that employees leaving the organisation contributed to the loss. Despite those losses, 81% of CISOs believe they have adequate controls to protect their data.  
  • 51% of CISOs surveyed in 2024 have data loss prevention (DLP) technology in place, compared to just 35% in 2023. 53% of CISOs surveyed invested in educating employees on data security best practices in 2024, up from 39% in 2023.

Ransomware & Malware Are The Top CISO Concerns

The biggest cyber security threats perceived by CISOs in 2024 are ransomware attacks (41%), malware (38%) and email fraud (36%). These top threats differ from last year's: Business Email Compromise (BEC) moved down from first place, ransomware moved up to first and malware up to second. In 2024, there is no change in CISOs' view on paying a ransom: 62% of CISOs believe their organisation would pay to restore systems and prevent data release if attacked by ransomware in the next 12 months.

  • 79% of CISOs said they would rely on cyber insurance claims to recover potential losses incurred, compared to 61% in 2023. 
  • 84% of CISOs agree their board members see eye-to-eye with them on cyber security issues. This is a significant jump from 62% in 2023, and 51% in 2022.  
  • 53% of CISOs admitted to burnout compared to 60% last year, while 66% feel they face excessive expectations, a steady increase from 61% last year and 49% in 2022.  

The sustainability of the ongoing expectations on CISOs continues to be tested—66% are concerned about personal liability (62% in 2023) and 72% (61% in 2023) would not join an organisation that does not offer Directors & Officers (D&O) insurance coverage.  

In addition, 59% of CISOs agreed that the current economic downturn has hampered their ability to make business-critical investments, with 48% of them being asked to cut staff or delay replacements to reduce security budgets.  

“As we navigate through the complexities of today’s cyber threat environment, it’s encouraging to see CISOs gaining confidence in their strategies and tools... However, the ongoing challenges of employee turnover, pressure on resources, and the need for continuous board engagement remind us that vigilance and adaptation are key to our collective cyber resilience,” commented Ryan Kalember, chief strategy officer at Proofpoint.

Sources: Proofpoint | Hipther | Help Net Security | @MartyRaymond

Image: Unsplash
