"Phishing remains dominant. It is a logical combination with employees who often click on dangerous hyperlinks. Fifty-six percent of organizations have been affected by phishing at some point, 49 percent of them in the past year alone. This is more than viruses and malware (32 percent) and business email compromise (27 percent). The causes clearly lie with people and processes: 30 percent of incidents are due to poor user practices, 29 percent to lack of training, and 27 percent to limited cybersecurity expertise."
"Only 40 percent of the organizations surveyed have a formal incident response plan and test it regularly. While 27 percent do have a plan, they have never tested it. Experts consistently argue that this is effectively the same as having no plan, because the actual consequences of an incident are more unpredictable than a script can cover. Even more worrying: 24 percent have no formal plan at all and 10 percent do not know whether their organization has an IR plan."
Organizations worldwide are poorly prepared for cyberattacks. Human error, inadequate training, and limited AI adoption constitute the main vulnerabilities. Employees are expected to be the most commonly used attack vector over the next year, driven by poor user practices. Phishing is the dominant threat, affecting 56 percent of organizations at some point and 49 percent in the past year, exceeding malware (32 percent) and business email compromise (27 percent). Causes break down roughly into 30 percent poor user practices, 29 percent lack of training, and 27 percent limited cybersecurity expertise. Penetration testing is often skipped because of cost. Incident preparedness is weak: only 40 percent have and regularly test a formal incident response plan; 27 percent have untested plans, 24 percent have no plan, and 10 percent are uncertain.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]