Too Many Corporate Employees Ignore Cyber Security

The process of digitisation offers all organisations big economic and social opportunities. It also transforms the level of cyber security risk and creates new vulnerabilities for attackers to exploit. Not least amongst these risks, and perhaps the largest one that organisations face, are their own employees.

While employees are the lifeblood of any organisation, they also pose the greatest cyber security risk. 

Accidental breaches are still the most common security incidents affecting firms, and one of the biggest reasons employees are a security risk is that they are unaware of what they should and shouldn't be doing. Typically, they may simply not realise that their devices are connected to an insecure Wi-Fi network, or that they shouldn't be storing customer details on a USB stick.

As cyber threats continue to escalate in frequency and sophistication, it is crucial for security leaders to understand the inherent vulnerabilities employees can introduce. Employees, with all their good intentions, are often the weakest link in an organisation's cyber security defences.

Whether through falling for phishing scams, clicking on malicious links, or mishandling sensitive data, human error can lead to devastating security breaches. 

It is essential to acknowledge that employees are susceptible to manipulation, social engineering, and unintentional mistakes. Understanding this human element and its potential impact is the first step in addressing the risk employees pose. Indeed, many employees routinely ignore their organisation's cyber security procedures, according to new research from Kaspersky.

According to this analysis, over a quarter of cyber incidents are attributable to workers disregarding security protocols.

In the last two years, for example, 26% of cyber incidents occurred after a staff member violated designated procedures. "Data shows the biggest risks posed by employees when it comes to IT security and data protection are ignoring company policies (16%), remote working (13%) and shadow IT (16%)... The consequences of a lack of cyber security awareness also led to 44% of decision-makers fearing the impact of regulatory fines for non-compliance. In fact, seven in 10 (70%) respondents also agreed that increased regulations heighten the risk of non-compliance," says Kaspersky.

The issue has reached such a scale that the level of danger breaches of this nature pose to businesses is almost equal to that of external threats, such as hacking, Kaspersky warned.

Both IT and non-IT employees were found to be circumventing security procedures. Around 13% of cyber security incidents since 2021 were caused by intentional information security violations by IT security officers, for example. The study shows that employees in 12% of polled organisations had intentionally used unauthorised devices to access sensitive data. Additionally, other businesses reported that 12% of their staff had been found sending sensitive information to their personal email address.

Perhaps the most serious finding from Kaspersky's research is that 20% of malicious actions were carried out by staff for personal gain. Of course, this also suggests that another sizeable proportion of intentional breaches were caused by employees who simply did not want to follow sometimes tedious security procedures.

Despite the concerning findings around intentional policy violations, Kaspersky's report shows that the largest share (38%) of cyber security incidents is still caused by accidental human error. Breaking these incidents down by the actions that caused them, Kaspersky found downloading malware to be the leading cause of incidents by non-IT personnel, accounting for 28% of accidental breaches.

  • A quarter of respondents said using weak passwords, or failing to update them regularly, was to blame for the incident, and 24% said they were responsible for a breach when they visited an unsecured website.
  • Accidental breaches were not solely caused by non-IT staff, however: 14% of cyber incidents caused by unintentional human error were attributed to senior IT professionals.

Ensuring all employees, regardless of department or seniority, have robust cyber hygiene habits is critical for an organisation to implement an effective security posture, according to Kaspersky. “Along with external cybersecurity threats, there are many internal factors that can lead to incidents in any organisation. As statistics show, employees from any department, whether it's non-IT specialists or IT Security professionals, can negatively influence cybersecurity both intentionally and unintentionally,” a Kaspersky spokesman said. 

While your employees may pose a security risk, with the right training you can reduce the risk of falling victim to cyber crime. The important thing is to assess your business, uncover any weak points and communicate the best processes to all staff and management.

Sources: EESC Europa, Comparitech, Kaspersky, OpenAccessGovernment, ITPro, The Insider/LinkedIn.

Image: fizkes
