SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
CTOs see human error, ransomware and phishing as biggest security threats
Thu, 25th Nov 2021
FYI, this story is more than a year old

CTOs see human error, ransomware and phishing as the biggest security threats, according to new research from STX Next.

Despite this recognition of risk, the findings suggest that more needs to be done to properly safeguard companies against dangers, with only a quarter (26%) having a dedicated cybersecurity team in place and only 50% outsourcing cyber responsibilities.

The findings were taken from STX Next's 2021 Global CTO Survey, which surveyed 500 global CTOs about the biggest challenges facing their organisation.

STX Next is a European software development company specialising in the Python programming language. Its research has found that 59% of CTOs still see human error as the main security threat to their business, alongside  other prominent concerns such as ransomware (49%) and phishing (36%).

Other key findings from the research included:

  • Multifactor authentication (MFA) adoption is strong, with 88% of organisations employing it in some way
  • However, 47% have not implemented ransomware protection, despite its ever-increasing popularity among cybercriminals
  • 58% are not using security information and event management (SIEM), and 41% have not employed privileged access management (PAM)
  • Conversely, 92% have implemented disaster recovery (DR) capabilities such as automated backups

“Our survey shows that, despite the inexorable rise of ransomware in the last couple of years, the biggest security concern in the minds of CTOs remains the potential impact of human error," says Maciej Dziergwa, chief executive at STX Next.

"This is understandable given that in order to be successful, many types of cyberattack rely on someone inadvertently clicking a link or downloading a file.

“Where things really get interesting, however, is when we see what businesses are doing to protect themselves against these threats," Dziergwa says.

"Companies that employ their own dedicated cyber team are still in the minority, and while outsourcing is preferred, this isn't a common policy at the majority of organisations either.

“It's a similar situation when looking at certain key protective tools that haven't yet been implemented on a large scale, such as ransomware protection," he says.

"The established presence of measures such as multi-factor authentication provide some cause for optimism though, so it will be interesting to see if the other security features follow a similar trajectory in the near future.

Dziergwa believes that to further shore up security capabilities, businesses should look closely at how disaster recovery processes have been successfully implemented, and aim to replicate these approaches for cyber.

 “The strong presence of disaster recovery  planning shows that organisations are doing well when it comes to the more all-encompassing, overarching responsibilities that ensure the business is resilient in the face of unexpected disruption," he says.

"The next step is for leaders to apply this approach to the more granular elements of cybersecurity, including anti-ransomware tools.

"After all, security features are designed in many cases to reduce the potential for human error to cause major cyber incidents. By investing more heavily in these areas, CTOs will have less need to worry about any risky behaviour by their staff in future.