With the majority of business owners finding it more difficult to defend against cyber threats compared to the pre-pandemic period, hybrid workers are (opens in new tab) have again been blamed for cybersecurity headaches.
A new survey from endpoint (opens in new tab) management provider Tanium found that employees are the “root cause” of preventable security incidents.
More precisely, employees click on links and attachments sent in phishing emails.
Avoidable incidents
According to Tanium, more than half (54%) of respondents have had their staff respond to malicious content sent via email, making it the most common facilitator of cyberattacks. In public sector organizations, 64% found preventable security incidents caused in this way. In addition, 71% of business owners claim that it is more difficult to defend against threats due to the introduction of hybrid workers (post-pandemic).
The second most avoidable incident (50%) is security misconfiguration, including things like poor password hygiene or employees blatantly failing to protect sensitive data with any kind of credentials.
Tanium also says things would go a lot better if these companies had the right assets. The third most common preventable incident is the lack of cybersecurity software that can prevent cyberattacks (47%). Some companies don’t even use the most common cybersecurity tools, it added. For example, only 19% use web vulnerability scans, 17% use penetration testing software, and 11% have used package sniffers for at least five years.
Going forward, most organizations will try to defend themselves by investing a little more in threat detection and endpoint security. Nearly half (49%) will focus on threat detection next year, while just under (46%) will focus on endpoint security. Finally, the third highest area of planned investment is in data recovery and backup tools (45%).