Skip to main content

Press Release: 69% of organisations don’t carry out regular user security assessments

Survey finds attacks on users cause biggest business disruptions but most organisations are not monitoring for them

London, UK – June, 05 2019 – Despite phishing regularly being cited as the number one cyberattack vector, a new study from Outpost24, an innovator in identifying and managing cyber security exposure, has found 69 percent of businesses do not regularly monitor for threats directed at their users, even though over a fifth of organisations believe attacks targeting their employees could cause the biggest disruptions to business. The study, which was carried out in March 2019 at the RSA Conference in San Francisco, revealed 21 percent of security professionals felt that an attack on users would cause the most disruption to an organisation, compared to an attack on the network (18%), endpoint (18%), cloud (17%), data (15%) and web applications (12%). However, other findings showed over half (57%) of the respondents were very or somewhat confident that their organisation was adequately secured against user targeted threats.

“The results portray a false sense of security amongst security professionals given that they are not regularly scanning for cyberattacks like ransomware and phishing within their organisation,” said Bob Egner, VP at Outpost24. “In our experience, users are the weakest link, and all organizations can reduce the chance of disruption through a combination of education and assessment of privileges. Organisations must realise the turbulent nature of the current cyber environment and, with 32% of all breaches involving an element of phishing, users are both the targets and victims. This reason alone is the call to action needed for organisations to implement a security strategy that includes continuous monitoring to reduce these threat vectors from impacting businesses overall.”

Survey respondents were also asked if they understood the security threats targeting specific areas of their technology stack. Alarmingly, nearly a third (30%) admitted to not having solid grasp of the threats targeted at their web applications, while 27 percent said they don’t have a good enough understanding of security issues aimed at their organisation’s data and cloud infrastructures.

“Conducting regular security assessments should be the norm, but it is only half the process. You need to have a full, holistic view of the entire technology stack to better understand the specific threats and risks to your organisation. From here, the business can make the necessary decisions on where to allocate resources with a view to improving overall security,” continued Egner.



Notes to editor:

This survey was carried out in March 2019 at the RSA Conference in San Francisco and studied the attitudes of 121 security professionals.

For more information on the study

About Outpost24

Outpost24 is a leading cyber assessment company focused on enabling its customers to achieve maximum value from their evolving technology investments. By leveraging our full stack security insights to reduce attack surface for any architecture, Outpost24 customers continuously improve their security posture with the least effort.

Over 2,000 customers in more than 40 countries around the world trust Outpost24 to assess their devices, networks, applications, cloud and container environments and report compliance status for government, industry sector, or internal regulations.

Founded in 2001, Outpost24 serves leading organizations across a wide range of segments including financial and insurance, government, healthcare, retail, telecommunications, technology, and manufacturing.

Looking for anything in particular?

Type your search word here