IT Leaders Worry End Users Will Be the Cause of Next Major Breach

A recent survey of Enterprise IT leaders found that these leaders believed that end users are the likely cause of a future major breach. In other words, a breach involving social engineering, negligent end users, and/or insecure remote workers.

Despite deploying a wide range of security tools to address cyber threats against their organizations, the IT and security decision-makers who responded to Dark Reading's Strategic Security Survey don't seem confident in their organizations' ability to withstand attacks. Granted, a high percentage believe that the processes they have implemented, such as multifactor authentication, malware analysis capabilities, and end user security awareness training programs, are effective. Sixty-three percent are also confident in their ability to respond effectively to a ransomware attack.

However, 55% say their organizations are more vulnerable to data breaches than a year ago because attackers have more ways to target and break into their networks. In addition, 58% say their organizations are more concerned about ransomware than they were a year ago. And the future doesn't look any more optimistic, with 78% who say adversaries will target cloud service providers more in the coming year.

But from a future breach standpoint, end users remain the biggest concern. More than a third (38%) believe the primary cause of their organizations' next major data breach in the coming year will be a negligent end user or an end user who breaks security policy. Almost a quarter (24%) expect it will be some kind of super elusive social engineering scam, and 15% worry about their organizations' heavy reliance on remote systems and homeworkers. What's more, 10% feel end user security awareness programs are ineffective.