Organizations continue to be at risk from insider threats because they lack strong identity management solutions, whether it's end users clicking on spam, issues with multifactor authentication (MFA), or companies keeping their decisions about security and identity separate, according to three new surveys released by F-Secure, SecureAuth Core Security and ObserveIT.
According to news from F-Secure, email spam, a decades-old threat, remains a popular attack method choice among cyber-criminals. “Spam is becoming an increasingly successful attack vector, with click rates rising from 13.4% in the second half of 2017 to 14.2% in 2018,” said Adam Sheehan, behavioral science lead at MWR InfoSecurity (which was acquired by F-Secure in June 2018), in a press release.
In addition to the risks from email spam campaigns, businesses continue to struggle when it comes to defending against insider threats. ObserveIT today released Multigenerational Workforce and Insider Threat Risk study, which found that there is a disconnect between cybersecurity awareness and insider-threat risk. Despite the fact that the survey found 65% of the 1,000 respondents know what insider threats are, those threats continue to rise.
The study went on to look at the different behaviors by generation and found that 90% of 45-54-year-olds adhere to their organization’s cybersecurity policy, while a third (34%) of 18-24-year-olds said they don’t know what is included in the cybersecurity policy of their employers.
Looking at the rise of email spam campaigns in conjunction with these statistics on insider threats highlights the formidable problem organizations face from their employees. Whether users click on malicious links is only one factor in the overall risks of insider threats, but defending against insider threats requires a strong identity management policy, which many organizations have yet to implement, according to SecureAuth Core Security.
Results of a Cybersecurity and Identity Gap Survey, conducted by SecureAuth Core Security, found that a majority of businesses continue to struggle with strengthening their overall cybersecurity posture because they’re not aligning cybersecurity measures with identity practices. Only half of the organizations surveyed reported using two-factor authentication (2FA) or MFA.
Of those who have implemented these strategies, 65% of respondents expressed dislike for 2FA and MFA. When it comes to downloading and using a mobile app to initiate the authentication process, 63% of respondents said they experience friction from employees.
“Despite increased spending on cybersecurity capabilities, breaches still continue to rise, showing the status quo is no longer good enough,” said Jeff Kukowski, CEO of SecureAuth Core Security, in today’s press release. “The industry must begin to approach cybersecurity and identity management together to better detect and mitigate risks, rather than treat them as disparate silos that don’t communicate with each other and actually increase the threat surface.”