Human Error - The Weakest Point In Cyber Security 

"Give me a lever long enough and a fulcrum on which to place it, and I shall move the world," declared Archimedes, the ancient Greek mathematician.  Fast forward to the digital age, and it appears that cyber attackers have taken this concept to heart, with the fulcrum being the human factor in cybersecurity. 

However, even with rising concerns over cyber threats, Chief Information Security Officers (CISOs) are showing increased confidence in their ability to counter these risks, marking a notable shift in the cyber security landscape, according to Proofpoint.

Their 2024 Voice of the CISO Report examines global third-party survey responses from 1,600 CISOs from organisations of 1,000 employees or more across different industries.  

CISOs’ Confidence is Growing 

According to the research, 70% of surveyed CISOs feel at risk of a material cyber attack over the next 12 months, compared to 68% the year before and 48% in 2022. CISOs today clearly remain on high alert, but confidence amongst them is growing: just 43% feel unprepared to cope with a targeted cyber attack, down from 61% last year and 50% in 2022.

Human error continues to be perceived as the Achilles’ heel of cyber security, with 74% of CISOs identifying it as their most significant vulnerability.

However, there’s growing optimism in the role of AI-powered solutions to mitigate human-centric risks, reflecting a strategic turn towards technology-driven defenses. “While the cyber security landscape continues to evolve with increasing human-centric threats, the 2024 Voice of the CISO report highlights what appears to be a vital shift towards greater resilience, preparedness and confidence amongst global CISOs,” said Patrick Joyce, global resident CISO at Proofpoint.  

“This year’s findings underscore a collective move towards strategic defenses, including enhanced education, technological adoption, and an adaptive approach to emerging threats like generative AI,” Joyce commented.

CISOs Concerned About AI Security Threats 

This year, more CISOs view human error as their organisation’s biggest cyber vulnerability: 74% in this year’s survey versus 60% in 2023. At the same time, 86% of CISOs believe that employees understand their role in protecting the organisation.

This confidence is higher than in previous years (61% in 2023 and 60% in 2022). It may be attributed to the 87% of CISOs surveyed who are looking to deploy AI-powered capabilities to help protect against human error and advanced human-centred cyber threats.

In 2024, 70% of CISOs surveyed feel at risk of experiencing a material cyber attack in the next 12 months, compared to 68% in 2023 and 48% in 2022.  However, just 43% feel their organisation is unprepared to cope with a targeted cyber attack, compared to 61% in 2023 and 50% in 2022.  

  • 54% of CISOs surveyed believe that Generative AI poses a security risk to their organisation. The top three systems CISOs view as introducing risk to their organisations are: ChatGPT/other GenAI (44%), Slack/Teams/Zoom/other collaboration tools (39%) and Microsoft 365 (38%).  
  • 46% of security leaders reported having to deal with a material loss of sensitive data in the past 12 months, and of those, 73% agreed that employees leaving the organisation contributed to the loss. Despite those losses, 81% of CISOs believe they have adequate controls to protect their data.  
  • 51% of CISOs surveyed in 2024 have data loss prevention (DLP) technology in place, compared to just 35% in 2023. 53% of CISOs surveyed invested in educating employees on data security best practices in 2024, up from 39% in 2023.

Ransomware & Malware Are The Top CISO Concerns

The biggest cyber security threats perceived by CISOs in 2024 are ransomware attacks (41%), malware (38%) and email fraud (36%). These top threats differ from last year: Business Email Compromise (BEC) moved down from first place, ransomware moved up to first and malware up to second. CISOs’ views on paying a ransom are unchanged in 2024: 62% of CISOs believe their organisation would pay to restore systems and prevent data release if attacked by ransomware in the next 12 months.

  • 79% of CISOs said they would rely on cyber insurance claims to recover potential losses incurred, compared to 61% in 2023. 
  • 84% of CISOs agree their board members see eye-to-eye with them on cyber security issues. This is a significant jump from 62% in 2023, and 51% in 2022.  
  • 53% of CISOs admitted to burnout compared to 60% last year, while 66% feel they face excessive expectations, a steady increase from 61% last year and 49% in 2022.  

The sustainability of the ongoing expectations on CISOs continues to be tested: 66% are concerned about personal liability (62% in 2023), and 72% (61% in 2023) would not join an organisation that does not offer Directors & Officers (D&O) insurance coverage.

In addition, 59% of CISOs agreed that the current economic downturn has hampered their ability to make business-critical investments, with 48% of them being asked to cut staff or delay replacements to reduce security budgets.  

“As we navigate through the complexities of today’s cyber threat environment, it’s encouraging to see CISOs gaining confidence in their strategies and tools... However, the ongoing challenges of employee turnover, pressure on resources, and the need for continuous board engagement remind us that vigilance and adaptation are key to our collective cyber resilience,” commented Ryan Kalember, chief strategy officer at Proofpoint.

Sources: Proofpoint | Hipther | Help Net Security | @MartyRaymond

Image: Unsplash
