According to a new study by Mimecast, human error contributed to 95% of data breaches in 2024, driven by insider threats, credential misuse, and user-driven errors. A small fraction of employees contributed disproportionately to these security incidents, with just 8% of staff accounting for 80% of incidents. The report highlighted several high-profile incidents in the past year linked to human error. This included the Change Healthcare ransomware attack, in which an employee’s credentials were compromised through a phishing email, enabling the threat actors to access the network. [1]
See: https://redskyalliance.org/xindustry/data-breaches
Nearly half (43%) of respondents reported seeing an increase in internal threats or data leaks initiated by compromised, careless, or negligent employees in the past 12 months. Additionally, 66% expect data loss from insiders to grow over the coming year. Security decision-makers surveyed said insider-driven data exposure leaks and theft events cost the organization an average of $13.9m. Most (87%) organizations said they train their employees to spot cyber-attacks at least once a quarter. Despite this, 33% fear mistakes and human error in handling email threats by employees, while 27% are concerned that employee fatigue is causing lapses in vigilance.
The report found that 95% of organizations are using AI to help defend against cyber-attacks and/or insider threats. Conversely, over half (55%) of respondents admitted they are not fully prepared with specific strategies to deal with AI-driven threats. Additionally, 81% were concerned about potential sensitive data leaks via GenAI tools. While 85% of respondents revealed their organization’s cybersecurity budget has increased in the last 12 months, 57% said that an additional budget is required for cybersecurity staff and third-party services (57%), collaboration tool security (52%), and email security (47%).
The survey highlighted concerns about collaboration tools expanding the attack surface, with 79% agreeing that using such tools poses new threats and security loopholes. Collaboration tools are designed to help people communicate and coordinate projects, with examples including Slack and Zoom. Nearly half (44%) of respondents reported increased threats from these tools in the past 12 months. Meanwhile, 61% said it is inevitable or likely that their organization will suffer a negative business impact from an attack linked to a collaboration tool in 2025.
This article is shared at no charge and is for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
• Reporting: https://www.redskyalliance.org/
• Website: https://www.redskyalliance.com/
• LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.infosecurity-magazine.com/news/data-breaches-human-error/
Comments