The research found that internal factors-both people and technology-cast a bigger cybersecurity threat than external factors and are ranked as the top concern. Out of all cybersecurity incidents experienced by respondents, the largest portion reported was caused by internal users making mistakes, at 65 percent, followed by 43 percent attributed to external threat actors. Sixty-six percent of respondents reported that regular employees pose the biggest risk, with 46 percent attributing the cause to poor password management and/or weak passwords, and 45 percent to accidents.
Despite cybersecurity threats (both internal and external) becoming a norm in today's landscape, 97 percent of respondents felt ill-equipped to successfully implement and/or manage one or more cybersecurity tasks today given their current IT skillset. Moreover, 36 percent said budget constraints were the most significant barrier to maintaining or improving their current IT security.
"Organisations are increasingly vigilant about securing their IT environments, and they're stepping up both offensive and defensive practices. However, the findings from this research echo what we are seeing time and time again- that insider vulnerabilities are the top threat vector vs. external attacks. We need to remember that security is about more than technology; it's also about people," explained Tim Brown, vice president of security, SolarWinds. "At SolarWinds, we work diligently as a partner, not just another vendor, to help our partners strengthen their defences at all layers and close the threat gaps, both inside and out."
"IT professionals are being challenged to operate more and more like security professionals," stated Brandon Shopp, vice president of products, security, SolarWinds. "Things like skills gaps and budget worries, as demonstrated in our most recent research, are still very real concerns, and the threat risks are escalating at all levels. There's good news though; a technology professional absolutely doesn't need to go full on security operations professional to achieve good security. SolarWinds is committed to giving IT professionals at all levels the confidence they need to meet these challenges head on, with products like SolarWinds Access Rights Manager that can help manage the people side of the equation, and SolarWinds Backup, that can help speed up recovery, whether the loss is based on human error or attack. Our promise is simple; it's for a new era called ‘security simplified.'"
RSA Singapore attendees will have the opportunity to receive in-depth demos of SolarWinds security solutions, including SolarWinds Access Rights Manager (ARM), SolarWinds Security Event Manager (SEM), SolarWinds Threat Monitor, SolarWinds Backup, SolarWinds Mail Assure, SolarWinds Passportal, SolarWinds Risk Intelligence, and SolarWinds Patch Manager-plus a suite of monitoring and management platforms with security baked in, including capabilities for robust endpoint detection and response. These products clearly address the gaps identified by the research findings-around more affordable solutions, technologies that help mitigate skills shortages, the need for a layered approach to security, and one that fights threats from both the inside and outside of an organization's technology infrastructure.
Key Findings
Threat Trends-Internal Threats Top the List
- In the past 12 months:
- Out of a variety of security incidents, 65 percent of respondents attributed the largest portion of cybersecurity threats to internal users making mistakes, while 43 percent attributed at least a portion to external threat actors.
- 66 percent indicated regular employees are the users who pose the biggest risk for insider abuse and/or misuse.
- 46 percent named poor password management as the most common cause of accidental/careless insider breaches from employees and contractors, while 45 percent called out accidentally exposing, deleting, corrupting, and/or modifying critical data as the most common cause.
- In the coming 12 months:
- 39 percent of respondents are "extremely concerned" about internal users making mistakes that put organisations at risk; followed by 29 percent and 26 percent indicating exposure caused by poor network system and/or system security and malicious employees stealing assets and/or IP as the top concerns respectively.
- 43 percent are "extremely concerned" that cybercriminals will lead to security incidents, followed by 35 percent indicating cyberterrorists, and 24 percent indicating nation state actors as top concerns.
IT Skillsets and Landscape-Skills Gaps and Budget Concerns
- 97 percent of respondents feel unequipped to successfully implement and/or manage one or more cybersecurity tasks today given their current IT skillset.
- 36 percent named budget constraints as the most significant barrier to maintaining and/or improving IT security, followed by competing priorities and/or initiatives and complexity of IT infrastructure.
- Close to 50 percent have a hybrid approach to their IT security, protecting and managing the security of their own network while also using a managed provider to deliver some security services.
Top Technologies-Good Combination of Protect/Detect
- Top technologies used by technology professionals according to respondents include:
- Protection:
- Endpoint protection (78 percent)
- Email security (74 percent)
- Patch management (62 percent)
- Detection:
- IDS &/or IPS (61 percent)
- Access rights management (59 percent)
- Vulnerability assessment (58 percent)
- Response and Recovery:
- Backup and recovery (84 percent)
- Incident response (71 percent)
- Access rights management (52 percent)
- Risk Management:
- Asset management (62 percent)
- Governance, risk & compliance (GRC) (59 percent)
- Identity governance (43 percent)
- Protection: