New insights into the state of data security show a clear focus on the weakest part of your security stance – your users – and organizations doing little to address it.

It’s frustrating when the answer is right there in front of the face of organizations today and you have to watch them scramble around the problem without really addressing it. This is exactly what I see in the data found in Thales’ 2022 Data Threat Report.

Within the report, we find data points of brilliance around awareness of the problem of users:

  • Human Error is seen as the highest threat to organizational security, with 38% of organizations ranking it as the top threat. For reference, Nation States was only a top concern for 28% of organizations.
  • 29% of organizations ranked ‘accidental human error’ as the top threat (and , again, for reference, only 17% ranked external attackers with financial motivation as a top threat)
  • 79% of organizations are concerned about the security risks with an increasingly remote workforce

It’s evident that users play a role in making an organization insecure, right? So, we’d expect to see lots of spending on ways to secure the user. But according to the report, organizations are prioritizing network security (e.g., Intrusion Prevention Solutions, gateways, firewalls), key management, cloud security, and zero trust solutions.

It seems like the focus is way too much on trying to prevent data from leaving, instead of stopping attackers from ever getting in. With the data showing organizations are very aware of the factor users play in cyberattacks, I would expect to see more focus on Security Awareness Training to reduce the threat surface of phishing – a primary attack vector in nearly every kind of cyber attack. This kind of training helps to establish good cyber hygiene, a sense of vigilance, and has been shown to reduce the risk of users falling for social engineering tactics employed within phishing attacks.