Only A Few Employees Cause The Majority Of Breaches

Uploaded on 2022-03-28 in TECHNOLOGY--Resilience, JOBS-Training, FREE TO VIEW

In today’s increasingly digital world, it’s more important than ever to be aware of the risks your small business could face online. Cyber crime can impact businesses in several ways, and a cyber-attack has the potential to cause financial and reputational damage to a small business or sole trader.

As businesses of all sizes know, building a good reputation and earning customer trust takes years of hard work. Without the appropriate precautions in place, this can be destroyed in minutes if the business is targeted by a cyber attack.

Too often staff are putting their companies at risk from phishing, malware, and insecure browsing and staff who do this the most are often putting the firm at risk of cyber  attacks. Usually, it is a small group of employees who are often responsible for most of the digital risk in an organisation, according to recent research.

The Report, from the cyber security firm Elevate Security and the cyber security research organisation Cyentia have found that those responsible for putting their companies at risk from phishing, malware, and insecure browsing are often a few repeat offenders.

The research found that 4% of employees clicked 80% of phishing links, and 3% were responsible for 92% of malware events.

  • Four in five employees have never clicked on a phishing email, according to the research. In fact, it asserts that half of them never see one, highlighting the need to focus anti-phishing efforts on at-risk workers. 
  • The malware that phishing and other attack vectors deliver also affects a small group of employees. The research found that 96% of users have never suffered from a malware event.
  • Most malware events revolve around the 3% of users who suffered from two malware events or more, reinforcing the notion that security awareness messages just aren't getting through to some employees.
  • A small number of users are also responsible for browsing risky websites. 12% of users tried to visit sites that violate their organisation's browsing policy at least 750 times each in a year, causing security systems to block the session. These users accounted for 71% of all browsing violations.
  • Illicit browsers aren't always the same people responsible for phishing emails and malware. The report found 9% of users exhibiting high risk in only one category, and only 0.052% of users falling into the high-risk category for all three activities.

Companies can mitigate human error by including technical controls to block malicious emails, but performance here is mixed. Almost one in five (17%) of departments blocked no malware.

Departments were either very good or very bad at blocking phishing emails. More than half of departments block 95% of these mails, while one in ten block almost none. Those that receive the most phishing emails per year are more likely to block them.

The report found that block rates for both phishing emails and malware are not uniform within organisations. Individual departments have varying success rates at stopping digital toxins. "Simply making controls available or even requiring them isn’t enough," the report said. "Organisations have to be willing to also measure whether those controls are doing what they are supposed to be doing."

Small businesses are attractive targets because they typically lack the budget and resources to prevent, identify, respond to, and recover from threats.

No target has proved too small for hackers, who are constantly on the hunt for new opportunities. "No matter if it is education, government, health care, manufacturing or electricity, each sector has had many successful cyber-attacks in the past," says Candid Wuest, vice president of cyber protection research at cyber security firm Acronis.

Some criminals enjoy variety, focusing on specific groups for a while before they move on to the next group. Remote workers are sitting ducks for cyber criminals. Hackers can slip in through remote access entry points, including remote desktops and VPN access portals. You should make sure your remote workers are trained to spot phishing attempts, use two-factor authentication, and download the most recent updates of security software.

Elevate Security:    ITPro:     Forbes:   Inc.com:     Hosting Tribunal

For advice and recommendations on  cyber security staff training please contact Cyber Security Intelligence.

You Might Also Read: 

Employee Cyber Security Training Is Vital To Reduce Cyber Attacks:

 

« US Moves Cyber Defences To High Alert
Operating Technology Security Issues Are Increasing »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cavirin

Cavirin

Cavirin’s Automated Risk Analysis Platform reduces risk and automates security and compliance.

Mega

Mega

Mega is a secure cloud data storage provider with browser-based high-performance end-to-end encryption.

Sepio Cyber

Sepio Cyber

Sepio is the leading asset risk management platform that operates on asset existence rather than activity.

Secnology

Secnology

Secnology is dedicated to developing and providing the most powerful and user friendly event analysis and security management solution.

Custodio Technologies

Custodio Technologies

Custodio Technologies was established as a Singaporean R&D Centre of Israel Aerospace Industries (IAI) in order to spearhead R&D activities in the field of cyber early warning.

Araxxe

Araxxe

Araxxe delivers Revenue Assurance, End-to-End Billing Verification and Interconnect Fraud Detection solutions to communication companies worldwide.

Capy

Capy

Capy's SaaS-based security solutions will protect your website from bots, spam, humans and more.

German Accelerator

German Accelerator

German Accelerator supports high-potential German startups in successfully entering the U.S. and Southeast Asian markets.

TriagingX

TriagingX

TriagingX successfully created the first generation malware sandbox that is being used by many Fortune 500 companies for daily malware analysis.

Cybolt

Cybolt

Cybolt helps companies, organizations, and governments manage digital risks and live in an environment of confidence and certainty.

Support Link Technologies (SLT)

Support Link Technologies (SLT)

Support Link Technologies are an IT Solutions Company committed to achieving customer satisfaction through excellent customer service.

Apollo Information Systems

Apollo Information Systems

Apollo is a value-added reseller that provides our clients with the complete set of cybersecurity and networking services and solutions.

Schillings

Schillings

Shillings defends your rights to privacy, reuptation and security. We fight passionately against breaches of your privacy, attacks on your reputation and threats to your security.

Infosys

Infosys

Infosys is a global leader in consulting, technology and outsourcing solutions.. Services include IT strategy, technical architecture and operations including cybersecurity.

Endure Secure

Endure Secure

Endure Secure is a managed cyber security & information security consultancy. Our passion for IS and our understanding of the threat landscape is reflected in the services that we provide.

Techtron Business IT Services

Techtron Business IT Services

TECHTRON has been providing business IT services since 2004. Our focus is on SMBs and we are good at it. Our customers trust us, they love our high levels of service, and they love what we stand for.