80% of Companies say "Careless End Users" are their Biggest Security Threat

According to new findings, KnowBe4, a security awareness training firm, and research firm ITIC, found that 80 percent of companies say that "end user carelessness" is the biggest security threat to their systems and networks.

(Tampa Bay, FL) Nov. 26, 2013 -- An overwhelming 80% of companies say that "end user carelessness" constitutes the biggest security threat to their organizations, surpassing the ever-present peril posed by malware or organized hacker attacks.The study was conducted by KnowBe4, a security awareness training firm, and ITIC, a research and consulting firm based in the Boston area specializing in independent surveys tracking crucial technology and business trends.

The survey also found that 65 percent of businesses do not calculate the cost or business impact of security-related downtime and over 30 percent of firms are unable to detect or defend against a security breach in a timely manner if and when one does occur. Those are among the top findings of the ITIC/KnowBe4 "2013 – 2014 Security Deployment Trends Survey." The joint, independent Web-based survey polled 500 organizations in October and November 2013 on the leading security threats and challenges facing their firms and their top priorities over the next 12 to 18 months.

"The survey responses underscore the fact that IT and security administrators are caught in the middle between upper management and end users," said Stu Sjouwerman, KnowBe4 CEO. "They have difficulty convincing upper management to allocate the necessary monies and resources to secure the network – and their hands are tied when it comes to safeguarding corporate data from unwitting end user errors that make systems and networks vulnerable to malware and phishing threats."

Laura DiDio, ITIC Principal Analyst agreed, noting, "This survey paints a clear picture of 'we have met the enemy and it is us.' IT departments are saying loudly and clearly that they find it extremely challenging to secure their systems and networks against new threats when so many users are using BYOD and remote access."

Among the other ITIC/KnowBe4.com survey highlights:

 Of the 21 percent of organizations that claim to track downtime costs, only 38 percent of respondents were able to provide specific cost estimates of hourly losses due to security breaches. In reality, only 5 to 8 percent of the total number of 500 respondent businesses could provide specific cost estimates related to security breaches/hacks.

 Some 35 percent of firms expressed fear/concern about the threat posed by external, organized hackers.

 Malware and viruses remain the most common type of security breach according to 56 percent of survey

 Only seven percent of IT departments spend 60 to 100 percent of their time on security-related endeavors.

For necessary and vital security measures, every firm should conduct regular risk assessment reviews, adopt the 'defense-in-depth' strategy and create a strong first layer: security policy, procedure and security awareness training to deal with BYOD deployments.

The "defense-in-depth" strategy's security awareness training is a crucial component in BYOD deployments. Kevin Mitnick Security Training addresses that issue. This training ensures employees understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering and can apply this knowledge to their personal devices used at the workplace.

About Stu Sjouwerman and KnowBe4:
Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based security awareness training to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. He and his colleagues work with companies in many different industries, including highly regulated fields such as healthcare, finance and insurance. Sjouwerman is the author of four books; his latest is Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.

About Laura DiDio and ITIC:
Laura DiDio is the founder and Principal Analyst of Information Technology Intelligence Corp. which provides research and consulting on a wide range of technology and business topics. DiDio has over 20 years experience as a high technology industry analyst and reporter with firms like Yankee Group, Giga Information Group and Computerworld. DiDio also worked as an investigative reporter for various broadcasting and print outlets, including CNN and Channel 5 News in New York. Her investigative reports have appeared in The Village Voice and The Minneapolis Star and Tribune.

Get the latest about social engineering

Subscribe to CyberheistNews