SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
Story image
Human error is the top cyber threat, according to CTOs
Thu, 29th Feb 2024

A recent study by IT consulting agency STX Next reveals that 59% of Chief Technology Officers (CTOs) regard human errors as the most significant cyber threat within their organisations. The study also pointed out ransomware (48%) and phishing attacks (40%) as major concerns.

The research found that in the face of these threats, most CTOs deploy multi-factor authentication (MFA) and identity access management technology (IAM), with 90% and 91% adoption respectively. The study is based on STX Next's 2023 Global CTO Survey, which questioned 500 CTOs worldwide about the primary challenges their organisations face.

Additional findings showed that only a quarter (24%) of the respondents identified security as the main organisational challenge, ranking fourth. Regardless of the increasing risk of attack, less than half (49%) of the surveyed companies currently have a cyber insurance policy, while slightly more than half (59%) have implemented a ransomware protection solution.

The survey results also revealed that only 36% of companies maintain dedicated in-house security teams, contrasting with 53% that employ external specialised companies for security provision.

Krzysztof Olejniczak, CISO at STX Next, commented on the findings, "The data from this year’s survey indicates that employees are still the weakest point of company security. Despite deployment of comprehensive technology, poor implementation, substandard support processes or lack of governance can render these efforts useless."

Olejniczak continued, "Cybercriminals are often not relying on incredibly advanced and sophisticated methods of attack, but on human error and social engineering techniques. This method of attack is still the most popular and successful." He further pointed out that human errors can also include internal fraud, "where employees intentionally do not follow procedures and expose critical information."

Besides educating staff to recognise and respond to new threats and periodically testing their resilience, Olejniczak suggests that "solutions such as MFA, IAM and SSO are quickly becoming an industry standard for the modern business and can provide an additional line of defence to limit the risk of human error."

Olejniczak also highlighted the necessity of smaller companies to access the services of specialised cybersecurity solutions or providers in the form of vCISO services, due to generally lacking in-house security teams. He emphasised that without adequate protections, businesses put themselves at risk of attacks, either directly or through their supply chain. He concluded by stating, "Whether in-house or outsourced, CTOs and CISOs must take steps to support their teams and ensure that they are prepared and protected for the inevitability of attack."