Corporate information security practitioners almost universally agree that human behaviour is their largest security threat.
A new report from Nuix discovered that while businesses were investing to develop broad and mature cyber-security capabilities, many were uncertain about the most effective technologies and capabilities to focus on. Twenty-nine cyber-security experts with varying degrees of responsibility from several industries were interviewed for the research.
Seventy-nine percent of respondents said they had increased spending on data breach detection in the past year and 72 percent said they plan on doing so next year.
Preventing data breaches was a top spending priority for 52 percent, while 42 percent said detection was their main focus.
“We still see a lot of companies spending too much money and effort on breach prevention technologies that don't prevent data breaches and detection measures that don't detect them until months later. That means they have less to spend on incident response and recovery just when they need those things most,” said Dr Jim Kent, global head of security and intelligence, Nuix.
Businesses are less likely to use fear to convey important security ideas. Instead, security leaders are using policies, awareness and training to help their employees become part of the solution.
“While the policies and training are crucial, we need to get better at ‘idiot-proofing' our technology so that even if people do the wrong thing, the malware doesn't achieve its goals,” Kent said.