Human Error - The Weakest Point In Cyber Security 

Uploaded on 2024-07-12 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

"Give me a lever long enough and a fulcrum on which to place it, and I shall move the world," declared Archimedes, the ancient Greek mathematician.  Fast forward to the digital age, and it appears that cyber attackers have taken this concept to heart, with the fulcrum being the human factor in cybersecurity. 

However now with the rising concerns over cyber threats, Chief Information Security Officers (CISOs) are showing increased confidence in their ability to counter these risks, marking a notable shift in the cyber security landscape, according to Proofpoint.

Their 2024 Voice of the CISO Report examines global third-party survey responses from 1,600 CISOs from organisations of 1,000 employees or more across different industries.  

The 2024 Voice of the CISO report examines global third-party survey responses from 1,600 CISOs from organisations of 1,000 employees or more across different industries. 

CISOs’ Confidence is Growing 

According to the research, 70% of surveyed CISOs feel at risk of a material cyber attack over the next 12 months, compared to 68% the year before, and 48% in 2022. As a consequence, CISOs today clearly remain on high alert, but confidence amongst them is growing: just 43% feel unprepared to cope with a targeted cyber attack, showing a marked decrease over last year’s 61% and 50% in 2022.  

Human error continues to be perceived as the Achilles’ heel problem of cyber security, with 74% of CISOs identifying it as the most significant vulnerability.

However, there’s growing optimism in the role of AI-powered solutions to mitigate human-centric risks, reflecting a strategic turn towards technology-driven defenses. “While the cyber security landscape continues to evolve with increasing human-centric threats, the 2024 Voice of the CISO report highlights what appears to be a vital shift towards greater resilience, preparedness and confidence amongst global CISOs,” said Patrick Joyce, global resident CISO at Proofpoint.  

“This year’s findings underscore a collective move towards strategic defenses, including enhanced education, technological adoption, and an adaptive approach to emerging threats like generative AI.” Joyce commented.

CISOs Concerned About AI Security Threats 

This year, we are seeing an increase in the number of CISOs who view human error as their organisation’s biggest cyber vulnerability, 74% in this year’s survey vs. 60% in 2023.  However, 86% of CISOs believe that employees understand their role in protecting the organisation.  

This confidence is higher than in previous years, 61% in 2023 and 60% in 2022. This may be attributed to the 87% of CISOs surveyed looking to deploy AI powered capabilities to help protect against human error and advanced human-centered cyber threats.  

In 2024, 70% of CISOs surveyed feel at risk of experiencing a material cyber attack in the next 12 months, compared to 68% in 2023 and 48% in 2022.  However, just 43% feel their organisation is unprepared to cope with a targeted cyber attack, compared to 61% in 2023 and 50% in 2022.  

  • 54% of CISOs surveyed believe that Generative AI poses a security risk to their organisation. The top three systems CISOs view as introducing risk to their organisations are: ChatGPT/other GenAI (44%), Slack/Teams/Zoom/other collaboration tools (39%) and Microsoft 365 (38%).  
  • 46% of security leaders reported having to deal with a material loss of sensitive data in the past 12 months, and of those, 73% agreed that employees leaving the organisation contributed to the loss. Despite those losses, 81% of CISOs believe they have adequate controls to protect their data.  
  • 51% of CISOs surveyed in 2024 have data loss prevention technology (DLP) in place compared to just 35% in 2023. 53% of CISOs surveyed invested in educating employees on data security best practices which is higher in 2024 compared to 2023 (39%). 

Ransomware & Malware Are The Top CISOs Concens

The biggest cyber security threats perceived by CISOs in 2024 are ransomware attacks (41%), malware (38%) and email fraud (36%). These top threats are different from last year; Business Email Compromise (BEC) moved down from the first spot, ransomware moved up to first place and malware up to second place. In 2024, there’s no change from CISOs’ view on paying a ransom. 62% of CISOs believe their organisation would pay to restore systems and prevent data release if attacked by ransomware in the next 12 months.  

  • 79% of CISOs said they would rely on cyber insurance claims to recover potential losses incurred, compared to 61% in 2023. 
  • 84% of CISOs agree their board members see eye-to-eye with them on cyber security issues. This is a significant jump from 62% in 2023, and 51% in 2022.  
  • 53% of CISOs admitted to burnout compared to 60% last year, while 66% feel they face excessive expectations, a steady increase from 61% last year and 49% in 2022.  

The sustainability of the ongoing expectations on CISOs continues to be tested—66% are concerned about personal liability (62% in 2023) and 72% (61% in 2023) would not join an organisation that does not offer Directors & Officers (D&O) insurance coverage.  

In addition, 59% of CISOs agreed that the current economic downturn has hampered their ability to make business-critical investments, with 48% of them being asked to cut staff or delay replacements to reduce security budgets.  

“As we navigate through the complexities of today’s cyber threat environment, it’s encouraging to see CISOs gaining confidence in their strategies and tools... However, the ongoing challenges of employee turnover, pressure on resources, and the need for continuous board engagement remind us that vigilance and adaptation are key to our collective cyber resilience.” commented Ryan Kalember, chief strategy officer at Proofpoint.

Proofpoint   |     Hipther   |    HelpNest Security   |      @MartyRaymond 

Image: Unsplash

You Might Also Read: 

Too Many Corporate Employees Ignore Cyber Security:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Growing Menace Of Ransomware
Warning - APT40 Espionage Group At Work »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

National Agency for the Security of Information Systems (ANSSI) - France

National Agency for the Security of Information Systems (ANSSI) - France

The role of Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) is to foster a coordinated, ambitious, pro-active response to cybersecurity issues in France.

Seclab

Seclab

Seclab is an innovative player in the protection of industrial systems and critical infrastructure against sophisticated cyber attacks.

CERT Syria

CERT Syria

CERT Syria is the national Computer Emergency Response Team for Syria.

Centre for Cyber Security (CFCS) - Denmark

Centre for Cyber Security (CFCS) - Denmark

The Centre for Cyber Security is the Danish national IT security authority, Network Security Service and Centre for Excellence within cyber security.

GraVoc

GraVoc

GraVoc is a technology-consulting firm committed to solving business problems for customers through the development, implementation, & support of technology-based solutions.

RiskRecon

RiskRecon

RiskRecon makes it easy to gain deep, risk contextualized insight into the cybersecurity risk performance of all of your third parties.

Asia Data Destruction (ADD)

Asia Data Destruction (ADD)

ADD is the leading IT Assets Disposal and Data Destruction Company in Thailand.

Rizikon Assurance

Rizikon Assurance

Rizikon Assurance is an Online System that improves Third-Party Assurance and Risk Management, through efficiency, automation and better visibility.

Ergo

Ergo

Ergo is a world-class IT Partner of choice, leveraging the latest technology available in cloud, mobility, big data, analytics, and social media.

SecureStrux

SecureStrux

SecureStrux are a cybersecurity consulting firm providing specialized services in the areas of compliance, vulnerability assessment, computer network defense, and cybersecurity strategies.

Cybermerc

Cybermerc

Cybermerc's services, training programmes and cyber security solutions are designed to forge collaborations across industry, government and academia, for collective defence of our digital borders.

Alkira

Alkira

Alkira has reinvented networking for the cloud era by delivering the network cloud, the first global unified network infrastructure with on-demand hybrid and multi-cloud connectivity.

VISTA InfoSec

VISTA InfoSec

VISTA InfoSec is a global Information Security Consulting firm with offices based in US, UK, Singapore and India.

Gatefy

Gatefy

Getfy is a cybersecurity company specialized in artificial intelligence and machine learning. We work to solve challenging issues, especially those involving email security.

Cyberlocke

Cyberlocke

Cyberlocke is dedicated to finding inventive solutions to meet the distinct IT obstacles of each organization we support.

ViCyber

ViCyber

ViCyber is an Australian based company whose mission is to simplify and strengthen cybersecurity for all businesses, irrespective of size.