SolarWinds Research Reveals Negligent Users as Top Cybersecurity Threat to German Organisations
SolarWinds (NYSE:SWI), a leading provider of powerful and affordable IT management software, today released findings of its latest cybersecurity resea
Threat Trends: Internal Users Put Organisations at Risk
Types of cybersecurity threats leading to security incidents within the past 12 months:
- Out of a variety of security incidents, 80% of respondents attributed the largest portion of cybersecurity threats to internal users making mistakes, while 31% attributed at least a portion to external threat actors; followed by 36% that indicated exposures caused by poor network system and/or application security have led to security incidents.
- 70% indicated regular employees are the users who pose the biggest risk for insider abuse and/or misuse, followed by privileged IT administrators and executives (45% and 33%, respectively).
- 45% named poor password management as the most common cause of accidental/careless insider breaches from employees and contractors, while 42% of tech pros surveyed state that sharing passwords is the most common cause, followed by accidentally exposing, deleting, corrupting, and/or modifying critical data and copying data to unsecured devices (40% and 36%, respectively).
The following cybersecurity threats could lead to security incidents in the next 12 months:
- 55% of respondents are extremely concerned or moderately concerned (combined) about internal users making mistakes that put organisations at risk. This is followed by 50% and 42% indicating exposure caused by poor network system and/or system security and external threat actors infiltrating their organisation’s network and/or systems as the top concerns, respectively.
- Nearly half of tech pros surveyed are extremely concerned or moderately concerned (combined) that cybercriminals will lead to security incidents in the next twelve months, while one-third of tech pros feel the same about cyberterrorists—and one-fifth of tech pros indicating nation-state actors as top concerns within the same timeframe.
IT Skillsets and Landscape: Not Sufficiently Equipped
- 89% of tech pros feel unequipped to successfully implement and manage cybersecurity tasks today given their current IT skillset, while over half of tech pros surveyed (54%) feel unequipped to utilize predictive analytics to determine the likelihood of outcomes in their architecture.
- One-fourth of tech pros feel the most significant barrier to maintaining and improving IT security within their organisation is the complexity of their IT infrastructure, followed by budget constraints (20%), and lack of manpower (19%).
- 45% of tech pros surveyed have adopted a hybrid approach to their IT security, protecting and managing the security of their own network but also using a managed provider to deliver some security services—while 43% are self-managed and 6% outsource entirely.
Top Security Technologies
- Top technologies used by technology professionals according to respondents include:
- Access rights management (64%)
- IDS and/ or IPS (48%)
- Vulnerability assessment (38%)
- Email security (77%)
- Data encryption (70%)
- Endpoint protection (65%)
- Patch management (65%)
- Risk management:
- Identity governance (58%)
- Asset management (55%)
- Governance, risk, and compliance (GRC) (45%)
- Response and recovery:
- Backup and recovery (70%)
- Access rights management (50%)
- Incident response (37%)
The findings are based on a survey fielded in August/September 2019, which yielded responses from 110 technology practitioners, managers, and directors in Germany from public- and private-sector small, mid-size and enterprise organisations.