SolarWinds Research Reveals Negligent Users as Top Cybersecurity Threat to German Organisations

Risky cyberhabits, careless use of passwords, and poor network and/or application security are also top concerns

Trends: Security Breaches & Threat Landscape (Graphic: Business Wire)

BERLIN--()--SolarWinds (NYSE:SWI), a leading provider of powerful and affordable IT management software, today released findings of its latest cybersecurity research at it-sa (Booth #127). The research highlights the threats technology professionals face today and those they expect over the next 12 months, revealing internal factors as the most prominent cybersecurity threat.

The research of over 100 IT professionals in Germany revealed internal user mistakes created the largest percentage of cybersecurity incidents over the past twelve months (80%), followed by exposures caused by poor network system or application security (36%), and external threat actors infiltrating the organisation’s network or systems (31%).

Poor password management ranked as the leading cause of concern for German IT professionals regarding insider threats. Forty-five percent of tech pros surveyed indicated poor password management or weak passwords as the most common cause of accidental or careless insider breaches, while 42% cited sharing passwords as the most common problem. Password management issues, accidental exposure, deletion, corruption or modification of critical data (40%), and copying data to unsecured devices (36%) were the other leading causes reported that lead to insider mistakes.

The survey results also found that 89% of tech pros surveyed indicated they feel unequipped to successfully implement and manage cybersecurity tasks today with their current IT skillset.

"Our research shows once again that the biggest risk to the organization comes from the inside, aligning with research SolarWinds conducted in other regions earlier this year," said Tim Brown, vice president of security, SolarWinds. "This underscores the continued need for organizations to address the human side of IT security and consistently educate users on how to avoid mistakes, while encouraging an environment of learning and training. However, that alone is not enough; tech pros also need the best possible technology to effectively fight against both threats from the inside and potentially more sophisticated threats from the outside. SolarWinds is committed to helping IT and security teams by equipping them with powerful, affordable solutions that are easy to implement and manage. Good security should be within the reach of all organizations."

SolarWinds at it-sa, The IT Security Expo and Congress

Booth 127, Hall 9

  • When: October 8 – 10, 2019
  • Where: Nuremberg, Germany

At it-sa, Europe's largest IT security expo, SolarWinds Head Geek, Sascha Giese, along with other technical experts, will be onsite to provide in-depth demos of SolarWinds security solutions. These include SolarWinds® Access Rights Manager (ARM), SolarWinds Security Event Manager (SEM), SolarWinds Backup, and SolarWinds Patch Manager—plus a suite of monitoring and management platforms with security baked in, including capabilities for robust endpoint detection and response. These products address the gaps identified by the research findings, including the need for more affordable solutions, technologies that help mitigate skills shortages, a layered approach to security, and solutions that fight threats from both the inside and outside of an organization’s technology infrastructure.

“SolarWinds security solutions help address the gaps identified by the research findings,” stated Sascha Giese. “ARM, for example, helps organizations detect compromises or malicious behavior from inside the company, while helping to drive more effective compliance programs. Nearly two-thirds of tech pros surveyed indicate they already use an access rights management solution, underscoring its importance. At it-sa, I’m looking forward to learning even more about the security pain points of our customers and prospects—so we can do even more to help get them resolved.”

Key Findings

Threat Trends: Internal Users Put Organisations at Risk

Types of cybersecurity threats leading to security incidents within the past 12 months:

  • Out of a variety of security incidents, 80% of respondents attributed the largest portion of cybersecurity threats to internal users making mistakes, while 31% attributed at least a portion to external threat actors; followed by 36% that indicated exposures caused by poor network system and/or application security have led to security incidents.
  • 70% indicated regular employees are the users who pose the biggest risk for insider abuse and/or misuse, followed by privileged IT administrators and executives (45% and 33%, respectively).
  • 45% named poor password management as the most common cause of accidental/careless insider breaches from employees and contractors, while 42% of tech pros surveyed state that sharing passwords is the most common cause, followed by accidentally exposing, deleting, corrupting, and/or modifying critical data and copying data to unsecured devices (40% and 36%, respectively).

The following cybersecurity threats could lead to security incidents in the next 12 months:

  • 55% of respondents are extremely concerned or moderately concerned (combined) about internal users making mistakes that put organisations at risk. This is followed by 50% and 42% indicating exposure caused by poor network system and/or system security and external threat actors infiltrating their organisation’s network and/or systems as the top concerns, respectively.
  • Nearly half of tech pros surveyed are extremely concerned or moderately concerned (combined) that cybercriminals will lead to security incidents in the next twelve months, while one-third of tech pros feel the same about cyberterrorists—and one-fifth of tech pros indicating nation-state actors as top concerns within the same timeframe.

IT Skillsets and Landscape: Not Sufficiently Equipped

  • 89% of tech pros feel unequipped to successfully implement and manage cybersecurity tasks today given their current IT skillset, while over half of tech pros surveyed (54%) feel unequipped to utilize predictive analytics to determine the likelihood of outcomes in their architecture.
  • One-fourth of tech pros feel the most significant barrier to maintaining and improving IT security within their organisation is the complexity of their IT infrastructure, followed by budget constraints (20%), and lack of manpower (19%).
  • 45% of tech pros surveyed have adopted a hybrid approach to their IT security, protecting and managing the security of their own network but also using a managed provider to deliver some security services—while 43% are self-managed and 6% outsource entirely.

Top Security Technologies

  • Top technologies used by technology professionals according to respondents include:
  • Detection:
    • Access rights management (64%)
    • IDS and/ or IPS (48%)
    • Vulnerability assessment (38%)
  • Protection:
    • Email security (77%)
    • Data encryption (70%)
    • Endpoint protection (65%)
    • Patch management (65%)
  • Risk management:
    • Identity governance (58%)
    • Asset management (55%)
    • Governance, risk, and compliance (GRC) (45%)
  • Response and recovery:
    • Backup and recovery (70%)
    • Access rights management (50%)
    • Incident response (37%)

The findings are based on a survey fielded in August/September 2019, which yielded responses from 110 technology practitioners, managers, and directors in Germany from public- and private-sector small, mid-size and enterprise organisations.

Additional Resources

Connect with SolarWinds

Information regarding employment opportunities with SolarWinds Berlin is available at https://solarwinds.jobs/jobs/?location=Germany

#SWIproducts

#SWIsecurity

#SWIresearch

About SolarWinds

SolarWinds (NYSE:SWI) is a leading provider of powerful and affordable IT infrastructure management software. Our products give organizations worldwide, regardless of type, size or IT infrastructure complexity, the power to monitor and manage the performance of their IT environments, whether on-premises, in the cloud, or in hybrid models. We continuously engage with all types of technology professionals—IT operations professionals, DevOps professionals, and managed service providers (MSPs)—to understand the challenges they face maintaining high-performing and highly available IT infrastructures. The insights we gain from engaging with them, in places like our THWACK online community, allow us to build products that solve well-understood IT management challenges in ways that technology professionals want them solved. This focus on the user and commitment to excellence in end-to-end hybrid IT performance management has established SolarWinds as a worldwide leader in network management software and MSP solutions. Learn more today at www.solarwinds.com.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks of) their respective companies.

© 2019 SolarWinds Worldwide, LLC. All rights reserved.

Contacts

Martina Eder
Archetype
Tel.: +49 89 9983 7019
solarwindsgermany@archetype.co

Evelyn Seeger
SolarWinds
Tel.: +49 30 390 63 45-62
pr@solarwinds.com

Contacts

Martina Eder
Archetype
Tel.: +49 89 9983 7019
solarwindsgermany@archetype.co

Evelyn Seeger
SolarWinds
Tel.: +49 30 390 63 45-62
pr@solarwinds.com