User behavior is the biggest cybersecurity challenge facing IT organizations today, new research from Kaseya has found, as threat actors and defenders alike increasingly adopt AI.
The 2024 Kaseya Security Survey quizzed IT professionals across North America, the UK and EU, as well as APAC and New Zealand, working for companies with annual revenue of between $1 million and $10 million, and between 101-500 employees.
It found that a resounding 89% of participants stated bad user behavior or lack of training as their main cybersecurity hurdle in 2024. User-related security issues – such as poor user practices and gullibility – was the largest concern (45%), while lack of end-user security training (44%) followed close behind.
In terms of impacts on their businesses, phishing topped the list with 58%, with viruses and malware in second with 44%. Business email compromise rounded out the top three, cited by 34% of those surveyed.
However, when it comes to ransomware, pay-outs have declined, with just 11% stating that they have handed money over to attackers. Kaseya said increased investment in backup and recovery technologies have likely minimized the impact of these attacks, alongside a growing awareness that paying the ransom is a poor practice.
“Cybersecurity attacks are widespread and more sophisticated, and as a result, are shaping business and IT strategies,” commented Chris McKie, Kaseya’s vice president of product marketing-security.
“IT professionals are navigating this new frontier as they try to find a balance between cybersecurity needs against hybrid workforces, dependency on cloud-based applications and services, and the role of artificial intelligence in cyber attacks.”
Mixed feelings on AI
This role of artificial intelligence is currently under IT professionals’ microscope, as the technology is increasingly implemented by cyber criminals to launch more sophisticated attacks at a faster pace than previously seen.
Over half of the survey’s participants said they believe AI will elevate their security – but a third remain skeptical, stating they are unsure on the impact the technology will have at their organization.
Security tools
The report also explored the tools organizations are currently leveraging to battle the modern threat landscape. When it comes to cybersecurity frameworks, NIST was found to be the most popular at 40%, followed by Zero Trust at 36%.
As security maturity rises among businesses, the top three security solutions were antivirus software (87%), email and spam protection (79%), and file backup (70%).
Three in five participants said they also have an incident response plan in place at their organization – but just 37% confirm its efficacy with periodic drills compared to 46% in last year’s survey.
Pentesting, however, is being utilized by the majority, with over two-thirds testing at least twice per year, and more than a third doing so three times annually.
Additionally, cyber insurance adoption has also seen a significant hike, with 61% now covered, compared to just 27% in 2023. 41% revealed they intend to invest in the area over the next twelve months.
Investment
Despite the concerns surrounding AI and its increasing prominence, IT budgets remain stable, Kaseya found, with more than 80% stating that they believe their security budget will either remain the same or grow over the coming year.
In addition to insurance, the top areas IT professionals expect to invest in were cloud security (33%), automated pentesting (27%), network security (26%), security awareness training (26%), and vulnerability assessment (26%).
