The need to address human risk management, email and phishing attacks, and generative AI among users across organizations of all types provides the backdrop for Mimecast’s SOECS 2024 report. Based on interviews with 1,100 CISOs and other information technology professionals from numerous industrial sectors and six countries, the report documents the precise nature of these risks and the steps that are being taken to overcome them.
Human risk and error are today’s biggest cybersecurity gap and remains largely unaddressed.
Email remains the number-one attack vector for cybercriminals, and phishing attacks are the top threat to email users.
The rise of phishing and ransomware is due to the emergence of generative AI, making it easier for threat actors to launch successful attacks.
Nearly three-quarters of all cyber breaches are caused by human factors — errors, stolen credentials, misuse of access privileges or social engineering.
Eight out of ten of those companies have been the victims of ransomware, while 75 percent state they paid the ransom.
Generative AI eliminates many of the grammatical and spelling errors that were once easily spotted red flags in malicious emails.
In addition to the stats above, the report addresses key topics from cybersecurity professionals working tirelessly to protect their organizations.
More than two-thirds believe employees are putting the organization at risk through the misuse of email, oversharing company information on social media, and careless web browsing.
Only 15 percent provide security awareness training to their employees on an ongoing basis. 38 percent see the growing sophistication of attacks as their biggest email security challenge.
Nine percent of IT budgets go to cybersecurity, vs. the desired 12 percent that IT professionals would like to see for cyber preparedness. One-third report being blocked from investing in cybersecurity solutions outside of Microsoft 365 offerings.
One out of three found M365's native security protections couldn't stop malware (37 percent), spam (33 percent), or phishing (33 percent) attacks. They also noted the M365 security apps couldn't block business email compromise and spoofing attacks.
Seven out of ten say collaboration tools pose urgent new threats and think they will be harmed by a collaboration tool-based attack. 37 percent say they are relying on native security protections included in their collaborative software.
Human risk remains the leading contributor to security breaches, with individuals facing increasingly tailored attacks regularly. By equipping your team with Mimecast's cybersecurity education, they evolve into proactive contributors to your security strategy.
