With the rapid adoption of hybrid working environments and increased attacks, IT and security professionals worry that future data breaches will most likely be the result of end users who are negligent of or break security policy, according to a recent Dark Reading survey. The percentage of respondents in Dark Reading’s 2021 Strategic Security Survey who perceive users breaking policy as the biggest risk fell slightly, however, from 51% in 2020 to 48% in 2021. Other potential issues involving end users showed improvements as well, with social engineering falling in concern from 20% to 15% and remote work worries halving from 26% to 13%.
While this trend is positive, it’s unclear where the increased confidence comes from, since more people now report ineffective end-user security awareness training (11%, to 2020’s 7%).
Respondents shared their heightened concern about well-funded attacks. In 2021, 25% predicted an attack targeted at their organizations (a rise from 2020, when 20% said the same), and fear of a nation-state-sponsored action rose to 16% from 9% the year before. Yet only 16% reported sophisticated, automated malware as a top concern, a 10% drop from 2020, and fear of a gap between security and IT advances only merited 9%. A tiny 3% worried that their security tools wouldn’t work well together, dropping from the previous year’s 10%.
Attacks through third-party vulnerabilities was another theme, with 23% of respondents concerned about breaches of third-party systems that their own teams couldn’t control (up 3%). In addition, 19% worried about other third-party compromises (nearly doubled from last year’s 10%).
Corporate issues were further down the list of concerns. Only 13% expressed concern that a lack of staffing would lead to breaches, and while budget issues rose 4% from last year, that still only ranked for 11% of respondents. Poor communication between teams rated for 10%, more than twice 2020’s 4%. Encouragingly, only 7% reported lack of support from upper management as a serious cause of future breaches.