Rawpixel.com - stock.adobe.com
Kaseya exposes ongoing need for user security training
MSP specialist shares findings from survey that revealed main challenge identified by customers
Security threats are continuing to rise in both volume and sophistication at a time when many customers are struggling to train and educate staff around best practices in data protection.
That situation leaves the door open to those channel players that are able to plug the gap, and help users improve knowledge and reduce human error.
Kaseya’s Cybersecurity survey report 2024: Navigating the new frontier of cyber challenges makes interesting reading for the channel.
User behaviour was highlighted as the main security challenge, and there were signs that artificial intelligence (AI) was already being exploited to create more sophisticated attacks. On the user front, 89% of those business leaders quizzed by Kaseya indicated a lack of training or bad user behaviour was the main security challenge, and poor practice and a lack of knowledge created headaches for those trying to keep firms safe.
Alongside that issue, there was a mixed response to AI, with many fearing it would help criminals evolve their attacks, but there was a recognition that the technology could also help enhance defences.
The channel has stepped up its rollback and data protection services, and there were some signs it was having an impact, with the number of firms admitting they paid out after a ransomware attack coming in at just 11%. “Cyber security attacks are widespread and more sophisticated, and as a result, are shaping business and IT strategies,” said Chris McKie, vice-president of product marketing security at Kaseya.
“IT professionals are navigating this new frontier as they try to find a balance between cyber security needs against hybrid workforces, dependency on cloud-based applications and services, and the role of artificial intelligence in cyber attacks,” he added.
Customer spending
Kaseya found that customers were spending on zero-trust, antivirus email protection and file backup, and pen testing had also increased in popularity year-on-year, with many testing on average three times annually.
The focus on security had an impact on budgets, which remained stable, but a portion of those quizzed felt it would increase next year.
Some of the planned areas where money will be spent include cloud security, automated pen testing, network protection and awareness training, with managed detection and response, as well as SOC services, also on the list.
Human error and attacks that take advantage of social engineering continue to be problems users are wrestling with and looking to the channel to help solve.
Anna Collard, senior vice-president of content strategy and evangelist at KnowBe4 Africa, added her voice to the calls for increasing user security awareness.
“Social engineering remains the most pervasive form of cyber attack for one reason – humans are easier to hack into than most machines,” she said. “Exploiting our psychological, personality or behavioural weaknesses, cyber criminals can dupe us to get unauthorised access to systems or gain financial rewards by deceiving their victims.”
The main reason social engineering is so effective is that it keeps evolving. There isn’t a clear or consistent pattern, meaning that, like the attacks themselves, we need to keep adapting in our response to them.”