Too Many Corporate Employees Ignore Cyber Security
The process of digitisation offers all organisations big economic and social opportunities. It also transforms the level of cyber security risk and creates new vulnerabilities for attackers to exploit. Not least amongst these risks, and perhaps the largest one that organisations face, is their own employees.
While employees are the lifeblood of any organisation, they also pose the greatest cyber security risk.
Accidental breaches are still the most common security incidents affecting firms, and one of the biggest reasons employees are a security risk is that they are unaware of what they should and shouldn't be doing. Typically, they may simply not realise that a device has been connected to an insecure Wi-Fi network, or that they shouldn't be storing customer details on a USB drive.
As cyber threats continue to escalate in frequency and sophistication, it is crucial for security leaders to understand the inherent vulnerabilities employees can introduce. Employees, with all their good intentions, are often the weakest link in an organisation's cyber security defences.
Whether through falling for phishing scams, clicking on malicious links, or mishandling sensitive data, human error can lead to devastating security breaches.
It is essential to acknowledge that employees are susceptible to manipulation, social engineering, and unintentional mistakes. Understanding this human element and its potential impact is the first step in addressing the risk employees pose. Indeed, many employees ignore their organisation’s cyber security procedures, according to new research from Kaspersky.
According to this analysis, over a quarter of cyber incidents are attributable to workers disregarding security protocols.
In the last two years, for example, 26% of cyber incidents occurred after a staff member violated designated procedures. “Data shows the biggest risks posed by employees when it comes to IT security and data protection are ignoring company policies (16%), remote working (13%) and shadow IT (16%)... The consequences of a lack of cyber security awareness also led to 44% of decision-makers fearing the impact of regulatory fines for non-compliance. In fact, seven in 10 (70%) respondents also agreed that increased regulations heighten the risk of non-compliance,” says Kaspersky.
The issue has reached such a scale that the level of danger breaches of this nature pose to businesses is almost equal to that of external threats, such as hacking, Kaspersky warned.
Both IT and non-IT employees were found to be circumventing security procedures. Around 13% of cyber security incidents since 2021 were caused by intentional information security violations by IT security officers, for example. The study shows that employees in 12% of polled organisations had intentionally used unauthorised devices to access sensitive data. Additionally, other businesses reported that 12% of their staff were found to have sent sensitive information to their personal email address.
Perhaps the most serious finding from Kaspersky’s research is that 20% of malicious actions were carried out by staff for personal gain. Of course, this also suggests that another sizeable proportion of intentional breaches were caused by employees who simply did not want to follow sometimes tedious security procedures.
Despite the concerning findings around intentional policy violations, Kaspersky's report shows that the largest share (38%) of cyber security incidents is still caused by accidental human error. Breaking these incidents down by the actions that caused them, Kaspersky found downloading malware to be the leading cause of incidents by non-IT personnel, accounting for 28% of accidental breaches.
- A quarter of respondents said using weak passwords, or failing to update them regularly, was to blame for the incident, and 24% said they were responsible for a breach when they visited an unsecured website.
- Accidental breaches were not solely caused by non-IT staff, however: 14% of cyber incidents caused by unintentional human error were attributed to senior IT professionals.
Ensuring all employees, regardless of department or seniority, have robust cyber hygiene habits is critical for an organisation to implement an effective security posture, according to Kaspersky. “Along with external cybersecurity threats, there are many internal factors that can lead to incidents in any organisation. As statistics show, employees from any department, whether it's non-IT specialists or IT Security professionals, can negatively influence cybersecurity both intentionally and unintentionally,” a Kaspersky spokesman said.
While your employees may pose a security risk, with the right training you can reduce the risk of falling victim to cyber crime. The important thing is to assess your business, uncover any weak points and communicate the best processes to all staff and management.
Sources: EESC Europa, Comparitech, Kaspersky, OpenAccessGovernment, ITPro, The Insider/LinkedIn
Image: fizkes