Too Many Corporate Employees Ignore Cyber Security

The process of digitisation offers all organisations big economic and social opportunities. It also transforms the level of  cyber security risk and creates new vulnerabilities for attackers to exploit. Not least amongst these risks, perhaps the largest one that organisations face, are their own employees.

While employees are the lifeblood of any organisation, they also pose the greatest cyber security risk. 

Accidental breaches are still the most common security incidents affecting firms and one of the biggest reasons for employees being a security risk is that they are unaware of what they should and shouldn't be doing. Typically, they may simply be unaware of devices being connected to an insecure Wi-Fi network or that they shouldn't be storing customer details on a USB.

As cyber threats continue to escalate in frequency and sophistication, it is crucial for security leaders to understand the inherent vulnerabilities employees can introduce. Employees, with all their good intentions, are often the weakest link in an organisation's cyber security defences.

Whether through falling for phishing scams, clicking on malicious links, or mishandling sensitive data, human error can lead to devastating security breaches. 

It is essential to acknowledge that employees are susceptible to manipulation, social engineering, and unintentional mistakes. Understanding this human element and its potential impact is the first step in addressing the risk employees pose. Indeed, many employees are often ignoring their organisation’s cyber security procedures, according to new research from Kaspersky. 

According to this analysis, over a quarter of cyber incidents are attributable to workers disregarding security protocols.

In the last two years, for example, 26% of cyber incidents occurred after a staff member violated designated  procedures.  “Data shows the biggest risks posed by employees when it comes to IT security and data protection are ignoring company policies (16%), remote working (13%) and shadow IT (16%)...  The consequences of a lack of cyber security awareness also led to 44% of decision-makers fearing the impact of regulatory fines for non-compliance. In fact, seven in 10 (70%) respondents also agreed that increased regulations heighten the risk of non-compliance." says Kaspersky

The issue has reached such a scale that the level of danger breaches of this nature pose to businesses is almost equal to that of external threats, such as hacking, Kaspersky warned.

Both IT and non-IT employees were found to be circumventing security procedures, the study found. Around 13% of cyber security incidents since 2021 were caused by intentional information security violations from IT security officers, for example.  The study shows that employees in 12% of polled organisations had intentionally used unauthorised devices to access sensitive data. Additionally, other businesses reported 12% of their staff were found to have sent sensitive information to their personal email address. 

Perhaps the most serious  finding from Kaspersky’s research is that 20% of malicious actions were made by staff for personal gain. Of course, this also suggests that an another sizeable proportion of intentional breaches were caused by employees who simply did not want to follow sometimes tedious security procedures.  

Despite the concerning findings around intentional policy violations, Kaspersky's report shows the majority (38%) of cyber security incidents are still caused by accidental human error. Breaking these incidents down by the actions that caused them, Kaspersky found downloading malware to be the leading cause of incidents by non-IT personnel, accounting for 28% of accidental breaches. 

  • A quarter of respondents said using weak passwords, or failing to update them regularly was to blame for the incident, and 24% said they were responsible for a breach when they visited an unsecured website. 
  • Accidental breaches were not solely caused by non-IT staff, however, 14% of cyber incidents caused by unintentional human error were attributed to senior IT professionals.

Ensuring all employees, regardless of department or seniority, have robust cyber hygiene habits is critical for an organisation to implement an effective security posture, according to Kaspersky. “Along with external cybersecurity threats, there are many internal factors that can lead to incidents in any organisation. As statistics show, employees from any department, whether it's non-IT specialists or IT Security professionals, can negatively influence cybersecurity both intentionally and unintentionally,” a Kaspersky spokesman said. 

While your employees may pose a security risk, with the right training you can reduce the risk of falling victim to cyber crime. The important thing is to assess your business, uncover any weak points and communicate the best processes to all staff and management.

EESC Europa:    Comparitech:     Kaspersky:     OpenAccessGovernment:     ITPro:    The Insider/LinkedIn:

Image: fizkes

You Might Also Read: 

Wanted - A New Generation Of Cyber Security Leaders:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 



 

« 23andMe Confirm Hackers Have Access To Data On 6.9M Users
ChatGPT - Solving AI’s Privacy Issue »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Tendo Solutions

Tendo Solutions

Tendo Solutions provides intelligence, security, forensics and risk solutions to clients across different sectors and jurisdictions.

KFSensor

KFSensor

KFSensor is an advanced 'honeypot' intrusion and insider threat detection system for Windows networks.

NordForsk

NordForsk

NordForsk facilitates and provides funding for Nordic research cooperation and research infrastructure. Project areas include digitalisation and digital security.

Future of Cyber Security Europe

Future of Cyber Security Europe

Future of Cyber Security Europe is a European wide event examining the latest cyber security strategies and technologies.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

Balbix

Balbix

Balbix BreachControl™ is the industry’s first system to leverage specialized AI to provide comprehensive and continuous predictive assessment of breach risk.

Arm

Arm

Arm delivers a complete IoT solution, from providing the IP for the chip to delivering the cloud services to securely manage the deployment of products throughout their lifecycle.

Penningtons Manches Cooper

Penningtons Manches Cooper

Penningtons Manches Cooper is a leading UK law firm providing high quality legal advice in areas including Data Protection, Cyber Security and Cyber Crime.

OneTrust

OneTrust

OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management.

Redstor

Redstor

Redstor's complete data management helps you discover, manage and control your data from a single control centre, unifying backup and recovery, disaster recovery, archiving and search and insight.

Cygenta

Cygenta

Cygenta brings a new approach to cybersecurity. We understand that true security means having digital, human and physical security working in harmony.

Sekuro

Sekuro

Sekuro is your leading governance and cyber security partner. Building organisational resilience. Enabling fearless innovation.

Varen Technologies

Varen Technologies

Varen Technologies is an innovative consulting partner with highly respected cyber security, analytics, Agile Software Development and IT/maintenance expertise.

WhiteJar

WhiteJar

WhiteJar offers an innovative approach to modern cybersecurity needs, empowering Ethical Hackers within its unique crowd platform.

Prescient Solutions

Prescient Solutions

Prescient Solutions is a managed services provider, using a cloud-based model to provide IT solutions to small, mid-sized, global organizations and government entities.

Pessimistic Security

Pessimistic Security

The team behind Pessimistic helps blockchain startups meet modern security challenges since 2017.