Matt Hathaway

The Threat Within: RiskRater User Risk Report

Blog Post created by Matt Hathaway on Sep 17, 2013

Last week, we released the third of three reports from our RiskRater research.


The first two reports focused on mobile devices and endpoint devices. The latest report centers on the risks posed by the one thing that no organization can operate without: users.


With the number of protections in place at the perimeter, attackers have shifted much of their effort toward social engineering in recent years. Unfortunately, two findings in our survey indicate that many organizations are ill-prepared for this change in attacker methodology:

  • Only 2 out of 3 respondents conduct security awareness training in their organizations.
  • Only 1 out of 3 organizations actively test the security awareness of their employees with simulated phishing campaigns.


It was encouraging to see that 9 out of 10 respondents have a password policy in place in their organizations, but our finding that only 56% of these same people audit password policy across all services is troublesome when you consider that attackers often need only one set of credentials to get in.


The full report is located here; please take a look.


You can see how your organization rates against our benchmarks with our free RiskRater tool located here.