Human error is biggest problem in cybersecurity, Nuix survey finds
Human mistakes poses one of the greatest threats to cybersecurity, according to a new survey.
The technology company Nuix, which has its North American headquarters in Herndon, on Friday released the findings from its third annual survey of corporate information security practitioners. They almost universally agreed that human behavior is their largest security threat.
While businesses were investing to develop cybersecurity capabilities, many survey respondents were uncertain about the most effective technologies and capabilities to focus on.
“Cybersecurity no longer has an air of mystery about it for executives and directors, but human behavior and technological uncertainty remain prominent barriers to corporate confidence,” Ari Kaplan, the report's author, said in a statement.
The research surveyed respondents' current and planned spending. Nearly four in five respondents (79 percent) said they had increased spending on data-breach detection in the past year, and 72 percent said they planned to do so next year.
Nonetheless, a majority of respondents (52 percent) said preventing data breaches was their top spending priority, while 42 percent said detection was their primary focus.
Security executives almost unanimously agreed that human behavior was their greatest vulnerability (97 percent of participants in this year's survey, up from 93 percent last year and 88 percent in 2014).
To counter this threat, businesses are less likely to use fear to convey important security ideas — 24 percent of this year's respondents tried to scare people, compared with 39 percent last year. Instead, security leaders are using policies, awareness, and training to help people become part of the solution.
“Where this breaks down is that a large proportion of people, even after they've had security awareness training, will still put their organizations at risk by opening malicious attachments and visiting suspect websites,” Jim Kent, global head of security and intelligence at Nuix, said in a statement. “While the policies and training are crucial, we need to get better at 'idiot-proofing' our technology so that even if people do the wrong thing, the malware doesn't run or doesn't achieve its goals.”