Despite concerns, organizations lack the budget (75 percent) and training (80 percent) to combat threats
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today released the results of new research: What Keeps You up at Night – the 2019 Report. The report looks at over 350 organizations across North America and reveals the security weaknesses and concerns within organizations. On average, 81 percent of organizations had some degree of concern around security issues.
Cybercrime continues to evolve and become more sophisticated. AI and machine learning are leveraged by many criminal organizations to help them better understand how to improve their attacks and they are now targeting specific industry verticals, organizations and even individuals. Increases in the frequency of ransomware, phishing and crypto jacking attacks were experienced by businesses of nearly every size, vertical and locale.
When it came to attack vectors, data breaches were the primary concern, with credential compromise coming in as a close second. These two issues go hand-in-hand, as misuse of credentials remains the number one attack tactic in data breaches, according to Verizon’s 2018 Data Breach Investigations Report. Phishing and ransomware ranked next, demonstrating that organizations are still not completely prepared to defend themselves against these relatively “old” attack vectors.
Other key findings from the report include:
- 92 percent of organizations rank users as their primary security concern. And at the same time, security awareness training along with phishing testing topped the list of security initiatives that organizations need to implement.
- Organizations today have a large number of attack vectors to prevent, monitor for, detect, alert and remediate; in terms of attacks, 95 percent of organizations are most concerned with data breaches.
- Ensuring security is in place to meet GDPR requirements is still a challenge for 64 percent of organizations, despite the regulation details being out for quite some time.
- Attackers’ utilization of compromised credentials is such a common tactic, 93 percent of organizations are aware of the problem, but still have lots of work to do to stop it.
- When it comes to resources, 75 percent of organizations do not have an adequate budget.
“2018 was a prolific year for successful cyberattacks, and many of them were caused by human error,” said Stu Sjouwerman, CEO of KnowBe4. “IT organizations are tasked with establishing and maintaining a layered security defense. The largest concern, as demonstrated again in this report, is employees making errors. Organizations must start with establishing a security culture, and in order to combat the escalation of social engineering, they have to ensure users are trained and tested.”
For more information, or to read the full report, please visit https://www.knowbe4.com/hubfs/The2019WhatKeepsYouUpatNightReport.pdf
KnowBe4, the provider of the world’s largest integrated security awareness training and simulated phishing platform, is used by more than 23,000 organizations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training. Kevin Mitnick, internationally recognized computer security expert and KnowBe4’s Chief Hacking Officer, helped design KnowBe4’s training based on his well-documented social engineering tactics. Tens of thousands of organizations worldwide trust KnowBe4 to mobilize their employees as their last line of defense.
Number 96 on the 2018 Inc. 500 list, #34 on 2018 Deloitte’s Technology Fast 500 and #2 in Cybersecurity Ventures Cybersecurity 500. KnowBe4 is headquartered in Tampa Bay, Florida with European offices in England, the Netherlands, Germany and offices in South Africa and Singapore.