A recently published 2015 security study has shown cyberattacks are pervasive and are likely to be suffered by virtually all organizations. However, IT security professionals have been taking proactive steps to reduce end user security risk and have also implemented better cybersecurity solutions to keep networks secure. Consequently, they feel much better able to deal with 2016 security threats.

New 2015 security study indicates 80% of organizations have suffered a security incident this year

Optimism appears to be high and many organizations believe they will be able to prevent security incidents from being suffered in 2016, which is great news. Unfortunately, that does not appear to have been the case this year. According to the Spiceworks study, 80% of respondents suffered a security incident in 2015.

Even though 8 out of ten organizations admitted to being attacked this year, they do feel they will be better able to deal with whatever 2016 has in store. Seven out of ten respondents said they would be better equipped to deal with cybersecurity attacks in 2016.

The reason for the optimism is an increased investment in both cybersecurity solutions and the provision of further training to members of staff. A more security conscious workforce means it will be much easier to prevent security breaches caused by malware infections, phishing attacks, and ransomware.

The study indicated that 51% of companies were attacked by malware this year, while 38% suffered phishing attacks. Ransomware is a cause for concern and threats have been reported extensively in the media, yet only 20% of companies actually suffered a ransomware infection.

Theft of corporate data only suffered by 5% of companies

There have been numerous reports of data breaches being suffered in 2015, and hackers have been able to steal corporate data and tens of millions of consumer records, yet the survey indicates only 5% of respondents actually suffered data theft this year. 12% of companies reported instances of password theft during 2015. That said, it is still a major cause of concern. 37% of respondents said they were still worried about the theft of data and passwords.

End user security risk main cause for concern among IT security professionals?

The study revealed what is keeping IT security professionals awake at night, and for the vast majority it is the threat posed by end users. IT security professionals can invest heavily in security defenses to keep hackers at bay, yet all the effort can be undone by the actions of a single employee. 48% of respondents were concerned about end users installing software on their work devices or the use of unauthorized technology.  80% claimed the biggest data security challenge was reducing end user security risk.

IT security pros also rated devices by the level of risk they posed to network security.

Riskiest network connected devices:

  • Laptops: 81%
  • Desktops: 73%
  • Smartphones: 70%
  • Tablets: 63%
  • IoT Devices: 50%

Measures have been taken to reduce end user security risk

IT security professionals are well aware that it can be a nightmare preventing end users from doing stupid things that result in their devices and corporate networks being compromised. Fortunately, they have realized there is a very simple and effective proactive step that can be taken to reduce end user security risk. That is to provide staff with security training.

The IT department can implement a wide range of sophisticated defenses to prevent security incidents, but if end users install malware on the network, respond to a phishing campaign, or give their login credentials out to a scammer, it will all be for nothing.

Respondents realized there is no use complaining about the risk that end users pose. Action must be taken to reduce end user security risk. By providing training on current threats and network security risks, the staff can be empowered to take action to keep their network secure.

Training employees to be more security conscious and instructing them how to identify scams and avoid malware is a highly effective strategy for reducing network security risk. The study revealed that 73% of IT security professionals have enforced end user data security policies and regular end user security training is now being provided by 72% of IT security pros.