Too Many Corporate Employees Ignore Cyber Security

Uploaded on 2023-12-11 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW

The process of digitisation offers all organisations big economic and social opportunities. It also transforms the level of  cyber security risk and creates new vulnerabilities for attackers to exploit. Not least amongst these risks, perhaps the largest one that organisations face, are their own employees.

While employees are the lifeblood of any organisation, they also pose the greatest cyber security risk. 

Accidental breaches are still the most common security incidents affecting firms and one of the biggest reasons for employees being a security risk is that they are unaware of what they should and shouldn't be doing. Typically, they may simply be unaware of devices being connected to an insecure Wi-Fi network or that they shouldn't be storing customer details on a USB.

As cyber threats continue to escalate in frequency and sophistication, it is crucial for security leaders to understand the inherent vulnerabilities employees can introduce. Employees, with all their good intentions, are often the weakest link in an organisation's cyber security defences.

Whether through falling for phishing scams, clicking on malicious links, or mishandling sensitive data, human error can lead to devastating security breaches. 

It is essential to acknowledge that employees are susceptible to manipulation, social engineering, and unintentional mistakes. Understanding this human element and its potential impact is the first step in addressing the risk employees pose. Indeed, many employees are often ignoring their organisation’s cyber security procedures, according to new research from Kaspersky. 

According to this analysis, over a quarter of cyber incidents are attributable to workers disregarding security protocols.

In the last two years, for example, 26% of cyber incidents occurred after a staff member violated designated  procedures.  “Data shows the biggest risks posed by employees when it comes to IT security and data protection are ignoring company policies (16%), remote working (13%) and shadow IT (16%)...  The consequences of a lack of cyber security awareness also led to 44% of decision-makers fearing the impact of regulatory fines for non-compliance. In fact, seven in 10 (70%) respondents also agreed that increased regulations heighten the risk of non-compliance." says Kaspersky

The issue has reached such a scale that the level of danger breaches of this nature pose to businesses is almost equal to that of external threats, such as hacking, Kaspersky warned.

Both IT and non-IT employees were found to be circumventing security procedures, the study found. Around 13% of cyber security incidents since 2021 were caused by intentional information security violations from IT security officers, for example.  The study shows that employees in 12% of polled organisations had intentionally used unauthorised devices to access sensitive data. Additionally, other businesses reported 12% of their staff were found to have sent sensitive information to their personal email address. 

Perhaps the most serious  finding from Kaspersky’s research is that 20% of malicious actions were made by staff for personal gain. Of course, this also suggests that an another sizeable proportion of intentional breaches were caused by employees who simply did not want to follow sometimes tedious security procedures.  

Despite the concerning findings around intentional policy violations, Kaspersky's report shows the majority (38%) of cyber security incidents are still caused by accidental human error. Breaking these incidents down by the actions that caused them, Kaspersky found downloading malware to be the leading cause of incidents by non-IT personnel, accounting for 28% of accidental breaches. 

  • A quarter of respondents said using weak passwords, or failing to update them regularly was to blame for the incident, and 24% said they were responsible for a breach when they visited an unsecured website. 
  • Accidental breaches were not solely caused by non-IT staff, however, 14% of cyber incidents caused by unintentional human error were attributed to senior IT professionals.

Ensuring all employees, regardless of department or seniority, have robust cyber hygiene habits is critical for an organisation to implement an effective security posture, according to Kaspersky. “Along with external cybersecurity threats, there are many internal factors that can lead to incidents in any organisation. As statistics show, employees from any department, whether it's non-IT specialists or IT Security professionals, can negatively influence cybersecurity both intentionally and unintentionally,” a Kaspersky spokesman said. 

While your employees may pose a security risk, with the right training you can reduce the risk of falling victim to cyber crime. The important thing is to assess your business, uncover any weak points and communicate the best processes to all staff and management.

EESC Europa:    Comparitech:     Kaspersky:     OpenAccessGovernment:     ITPro:    The Insider/LinkedIn:

Image: fizkes

You Might Also Read: 

Wanted - A New Generation Of Cyber Security Leaders:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 



 

« 23andMe Confirm Hackers Have Access To Data On 6.9M Users
ChatGPT - Solving AI’s Privacy Issue »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Proofpoint

Proofpoint

Proofpoint provide the most effective cybersecurity and compliance solutions to protect people on every channel including email, the web, the cloud, social media and mobile messaging.

NuData Security

NuData Security

NuData Security, A Mastercard Company, is an award winning behavioral biometrics company.

FarrPoint

FarrPoint

FarrPoint is a specialist telecoms consultancy providing a range of services including cyber security assessments and technical assurance to safeguard your data.

Delta Risk

Delta Risk

Delta Risk is a global provider of managed security services and cyber security risk management solutions to government and private sector clients.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

TruNarrative

TruNarrative

TruNarrative provides a unified solution for Identity Verification, Fraud Detection, eKYC, Risk Assessment, AML Compliance and Account Monitoring.

TypingDNA

TypingDNA

TypingDNA uses AI to recognise people by the way they type on desktop keyboards and mobile devices.

Sternum

Sternum

Sternum provides reliable and effective endpoint security for any IoT device, using robust technology and seamless integration.

Tutamantic

Tutamantic

Tutamantic develops software that reduces security risks and weaknesses during the architectural and design stages.

Illuma Labs

Illuma Labs

Illuma Labs delivers real-time voice authentication and fraud prevention solutions.

Viakoo

Viakoo

Viakoo is an Enterprise IoT Applications Management company providing performance, security, and compliance. Viakoo enables you to be proactive in maintaining cyber hygiene and protecting your network

Intracom Telecom

Intracom Telecom

Intracom Telecom is a global telecommunication systems & solutions vendor offering a complete range of professional services and solutions including Information Security.

Dataprise

Dataprise

Dataprise is a leading IT managed services provider offering IT Management and Help Desk Support Services, Cloud Services, Information Security Solution, IT Strategy and Consulting.

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP provides solutions and services around Core Infrastructure, Cloud, Cyber Security, Enterprise Applications, Intelligent Automation and Data, Smart Buildings, and Managed Services.

Unisys

Unisys

Unisys is a global information technology company providing industry-focused solutions integrated with leading-edge security to clients in the government, financial services and commercial markets.

eGyanamTech (EGT)

eGyanamTech (EGT)

eGyanamTech provides robust security solutions tailored for Operational Technology (OT) and Supervisory Control and Data Acquisition (SCADA) systems used in critical infrastructure systems.