Основные понятия
Awareness of well-known cybersecurity threats and solutions is quite low among cyber and information security decision-makers, and is positively associated with adoption of advanced antimalware solutions and security operation centers.
Аннотация
The study investigates the cybersecurity awareness of cyber and information security decision-makers and the factors associated with it. The key findings are:
Awareness of threats like DDoS attacks, botnets, industrial espionage, and phishing, as well as solutions like remote data deletion, advanced antimalware with EDR/XDR, security operation centers (SOCs), and centralized device management, is positively associated with adoption of advanced antimalware solutions with EDR/XDR capabilities in the organization.
Awareness of threats like industrial espionage, botnets, and phishing, as well as solutions like remote data deletion, advanced firewalls, training, multi-factor authentication, SOCs, and centralized software updates, is positively associated with adoption of any antimalware solution (advanced or standard) in the organization.
Awareness of online fraud is higher among decision-makers in organizations with an internal SOC compared to those with an external SOC or no SOC. Awareness of SOCs and critical infrastructure access control is higher among decision-makers in organizations with any SOC (internal or external) compared to those without.
Non-IT/IS executive decision-makers are less aware of industrial espionage and certain security solutions like training, multi-factor authentication, centralized software updates, and critical infrastructure access control compared to IT/IS executives and non-executives.
Male decision-makers are more aware of certain threats like loss of access to data, industrial espionage, DDoS, botnets, and phishing, as well as solutions like advanced antimalware, centralized device management, training, multi-factor authentication, centralized software updates, and critical infrastructure access control compared to female decision-makers.
Formal education level is not associated with awareness of cybersecurity threats and solutions.
These findings suggest the need for targeted cybersecurity training and awareness programs tailored to the specific needs of different groups of cyber and information security decision-makers.
Статистика
Awareness of DDoS attacks is significantly higher for respondents in organizations adopting advanced antimalware solutions with EDR/XDR capabilities than respondents in those adopting a standard antimalware solution or not adopting any.
Awareness of industrial espionage, botnets and phishing is significantly higher for respondents in organizations adopting any antimalware solution (advanced or standard) compared to those not adopting any.
Awareness of online fraud is significantly higher for respondents in organizations adopting an internal SOC compared to those adopting an external SOC or no SOC.
Awareness of SOCs and critical infrastructure access control is significantly higher for respondents in organizations adopting any SOC (internal or external) compared to those not adopting any.
Цитаты
"Awareness of well-known threats and solutions seems to be quite low for individuals in decision-making roles."
"These results indicate that awareness of certain threats and solutions is positively associated with adoption of antimalware solutions."
"These results suggest that awareness of certain threats and solutions is positively associated with adoption of SOC albeit this association does not seem to be as diverse as its association with adoption of antimalware solutions."