SolarWinds Research Reveals Negligent Users as Top Cybersecurity Threat to German Organisations

Key Findings

Threat Trends: Internal Users Put Organisations at Risk

Types of cybersecurity threats leading to security incidents within the past 12 months:

• Out of a variety of security incidents, 80% of respondents attributed the largest portion of cybersecurity threats to internal users making mistakes, while 31% attributed at least a portion to external threat actors; followed by 36% that indicated exposures caused by poor network system and/or application security have led to security incidents.
• 70% indicated regular employees are the users who pose the biggest risk for insider abuse and/or misuse, followed by privileged IT administrators and executives (45% and 33%, respectively).
• 45% named poor password management as the most common cause of accidental/careless insider breaches from employees and contractors, while 42% of tech pros surveyed state that sharing passwords is the most common cause, followed by accidentally exposing, deleting, corrupting, and/or modifying critical data and copying data to unsecured devices (40% and 36%, respectively).

The following cybersecurity threats could lead to security incidents in the next 12 months:

• 55% of respondents are extremely concerned or moderately concerned (combined) about internal users making mistakes that put organisations at risk. This is followed by 50% and 42% indicating exposure caused by poor network system and/or system security and external threat actors infiltrating their organisation’s network and/or systems as the top concerns, respectively.
• Nearly half of tech pros surveyed are extremely concerned or moderately concerned (combined) that cybercriminals will lead to security incidents in the next twelve months, while one-third of tech pros feel the same about cyberterrorists—and one-fifth of tech pros indicating nation-state actors as top concerns within the same timeframe.

IT Skillsets and Landscape: Not Sufficiently Equipped

• 89% of tech pros feel unequipped to successfully implement and manage cybersecurity tasks today given their current IT skillset, while over half of tech pros surveyed (54%) feel unequipped to utilize predictive analytics to determine the likelihood of outcomes in their architecture.
• One-fourth of tech pros feel the most significant barrier to maintaining and improving IT security within their organisation is the complexity of their IT infrastructure, followed by budget constraints (20%), and lack of manpower (19%).
• 45% of tech pros surveyed have adopted a hybrid approach to their IT security, protecting and managing the security of their own network but also using a managed provider to deliver some security services—while 43% are self-managed and 6% outsource entirely.

Top Security Technologies

• Top technologies used by technology professionals according to respondents include:
• Detection:
  • Access rights management (64%)
  • IDS and/ or IPS (48%)
  • Vulnerability assessment (38%)
• Protection:
  • Email security (77%)
  • Data encryption (70%)
  • Endpoint protection (65%)
  • Patch management (65%)
• Risk management:
  • Identity governance (58%)
  • Asset management (55%)
  • Governance, risk, and compliance (GRC) (45%)
• Response and recovery:
  • Backup and recovery (70%)
  • Access rights management (50%)
  • Incident response (37%)

The findings are based on a survey fielded in August/September 2019, which yielded responses from 110 technology practitioners, managers, and directors in Germany from public- and private-sector small, mid-size and enterprise organisations.