Organizations appear to be overconfident in their ability to protect themselves, despite glaring gaps in security, according to new data from cyber protection vendor, Acronis.

New data from Acronis’ Cyber Readiness Report 2021 tells the tale of some very unprepared – and yet still confident – IT organizations. Overall, organizational cybersecurity isn’t a top concern for organizations despite enabling remote workers (57% of organizations) and securing them (50%) are. In addition, 53% of organizations believe they are safe from supply chain attacks because “We only use known, trusted software” – c’mon; even Microsoft has been a victim of the Hafnium attack back in February.

Despite this overconfidence, the report shows how very unprepared the average organization really is:

  • 36% of remote workers have issues using corporate security measures
  • 25% of organizations aren’t using multi-factor authentication at all
  • 71% of organizations are targeted by phishing attacks each month
  • 80% have been the target of cyberattacks in the last year
  • 30% of organizations were attacked at least once a day
  • Only 20% say they haven’t been a target

Of those organizations experiencing attacks, the number one attack type (experienced by 58% of organizations) was phishing attacks. And, given that organizations (according to the report data) were focused on solutions like anti-malware (73%), backup/DR (48%), vulnerability management (45%), and URL filtering (20%), it’s evident that many of these organizations aren’t placing enough emphasis on educating users to stop the attacks that get past these solutions.

It’s only through continual Security Awareness Training that an organization can address the weakest link in their security stance; users. From the report data, it’s evident that attacks are present, phishing remains a favorite attack vector, and remote users aren’t as secure as they need to be. Putting Security Awareness Training in place will assist in strengthening your stance with remote users, regardless of the amount of security tech in place.