Dive Brief:
- About 56% of organizations admitted to making improvements to security standards, whereas a little more than one-third said improvements are not yet adequate following 2017's WannaCry attack, according to a Lastline survey conducted at the RSA Conference in San Francisco this year.
- About 81% of cybersecurity experts agree that there will be more ransomware attacks in 2018 compared to 2017.
- Email, followed closely by the internet of things and mobile devices, is the most threatening attack vector in an organization's network, according to the survey.
Dive Insight:
Ransomware is one of the easiest cyberattacks to detect because it comes with an actual ransom note. However, 2017 gave way to new propagation mechanisms, which automated worming and increased infection rates.
Employee-facing services and technologies are a top concern to cybersecurity professionals. About 40% of employees use personal devices to send work emails and share or access company data without the IT department's oversight.
The bring-your-own-device policy is challenging for IT departments to combat. Ultimately, the policy leads to unintended shadow IT, which is often the Achilles' heel of solid security practices.
Negligent employee actions can cost a company about $280,000 per incident. If the cost were not enough, companies need to come to terms with the fact that 64% of security breaches are caused by ignorant employee actions.
To help companies better track their highest-risk employees, in terms of their cybersecurity incompetencies, vendors like Microsoft are including simulated ransomware or phishing attacks in their services.
Hackers will always take advantage of human error and poor judgment, so it's up to security teams to educate line-of-business employees.