Internal factors—both people and technology—cast a bigger cybersecurity threat than external factors and are ranked as the top concern for companies, new research from SolarWinds covering Singapore and Hong Kong shows.
Out of all cybersecurity incidents that respondents experience, the most-reported was caused by internal users making mistakes (65%), followed by 43% attributed to external threat actors.
Also, 66% of respondents reported that regular employees pose the biggest risk, with 46% attributing the cause to poor password management and/or weak passwords, and 45% to accidents.
Despite cybersecurity threats becoming a norm, 97% of respondents felt ill-equipped to successfully implement and/or manage one or more cybersecurity tasks today given their current IT skillset.
Moreover, 36% said budget constraints were the most significant barrier to maintaining or improving their current IT security.
“We need to remember that security is about more than technology, it’s also about people,” said Tim Brown, VP of security at SolarWinds.
Research findings also highlight that, regarding the next 12 months, 39% of respondents are “extremely concerned” about internal users making mistakes that put organisations at risk. Also cited as the top concerns are exposure caused by poor network system and/or system security (29%) and malicious employees stealing assets and/or IP (26%).
Further, 43% are “extremely concerned” that cybercriminals will lead to security incidents, followed by 35% indicating cyberterrorists, and 24% indicating nation state actors as top concerns.
Regarding skills and budget concerns, 97% of respondents feel unequipped to successfully implement and/or manage one or more cybersecurity tasks today given their current IT skillset.
Meanwhile, 36% named budget constraints as the most significant barrier to maintaining and/or improving IT security, followed by competing priorities and/or initiatives and complexity of IT infrastructure.
About half of respondents have a hybrid approach to their IT security, protecting and managing the security of their own network while also using a managed provider to deliver some security services.