Too Many Corporate Employees Ignore Cyber Security

Uploaded on 2023-12-11 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW

The process of digitisation offers all organisations big economic and social opportunities. It also transforms the level of  cyber security risk and creates new vulnerabilities for attackers to exploit. Not least amongst these risks, perhaps the largest one that organisations face, are their own employees.

While employees are the lifeblood of any organisation, they also pose the greatest cyber security risk. 

Accidental breaches are still the most common security incidents affecting firms and one of the biggest reasons for employees being a security risk is that they are unaware of what they should and shouldn't be doing. Typically, they may simply be unaware of devices being connected to an insecure Wi-Fi network or that they shouldn't be storing customer details on a USB.

As cyber threats continue to escalate in frequency and sophistication, it is crucial for security leaders to understand the inherent vulnerabilities employees can introduce. Employees, with all their good intentions, are often the weakest link in an organisation's cyber security defences.

Whether through falling for phishing scams, clicking on malicious links, or mishandling sensitive data, human error can lead to devastating security breaches. 

It is essential to acknowledge that employees are susceptible to manipulation, social engineering, and unintentional mistakes. Understanding this human element and its potential impact is the first step in addressing the risk employees pose. Indeed, many employees are often ignoring their organisation’s cyber security procedures, according to new research from Kaspersky. 

According to this analysis, over a quarter of cyber incidents are attributable to workers disregarding security protocols.

In the last two years, for example, 26% of cyber incidents occurred after a staff member violated designated  procedures.  “Data shows the biggest risks posed by employees when it comes to IT security and data protection are ignoring company policies (16%), remote working (13%) and shadow IT (16%)...  The consequences of a lack of cyber security awareness also led to 44% of decision-makers fearing the impact of regulatory fines for non-compliance. In fact, seven in 10 (70%) respondents also agreed that increased regulations heighten the risk of non-compliance." says Kaspersky

The issue has reached such a scale that the level of danger breaches of this nature pose to businesses is almost equal to that of external threats, such as hacking, Kaspersky warned.

Both IT and non-IT employees were found to be circumventing security procedures, the study found. Around 13% of cyber security incidents since 2021 were caused by intentional information security violations from IT security officers, for example.  The study shows that employees in 12% of polled organisations had intentionally used unauthorised devices to access sensitive data. Additionally, other businesses reported 12% of their staff were found to have sent sensitive information to their personal email address. 

Perhaps the most serious  finding from Kaspersky’s research is that 20% of malicious actions were made by staff for personal gain. Of course, this also suggests that an another sizeable proportion of intentional breaches were caused by employees who simply did not want to follow sometimes tedious security procedures.  

Despite the concerning findings around intentional policy violations, Kaspersky's report shows the majority (38%) of cyber security incidents are still caused by accidental human error. Breaking these incidents down by the actions that caused them, Kaspersky found downloading malware to be the leading cause of incidents by non-IT personnel, accounting for 28% of accidental breaches. 

  • A quarter of respondents said using weak passwords, or failing to update them regularly was to blame for the incident, and 24% said they were responsible for a breach when they visited an unsecured website. 
  • Accidental breaches were not solely caused by non-IT staff, however, 14% of cyber incidents caused by unintentional human error were attributed to senior IT professionals.

Ensuring all employees, regardless of department or seniority, have robust cyber hygiene habits is critical for an organisation to implement an effective security posture, according to Kaspersky. “Along with external cybersecurity threats, there are many internal factors that can lead to incidents in any organisation. As statistics show, employees from any department, whether it's non-IT specialists or IT Security professionals, can negatively influence cybersecurity both intentionally and unintentionally,” a Kaspersky spokesman said. 

While your employees may pose a security risk, with the right training you can reduce the risk of falling victim to cyber crime. The important thing is to assess your business, uncover any weak points and communicate the best processes to all staff and management.

EESC Europa:    Comparitech:     Kaspersky:     OpenAccessGovernment:     ITPro:    The Insider/LinkedIn:

Image: fizkes

You Might Also Read: 

Wanted - A New Generation Of Cyber Security Leaders:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 



 

« 23andMe Confirm Hackers Have Access To Data On 6.9M Users
ChatGPT - Solving AI’s Privacy Issue »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

StoneFly

StoneFly

StoneFly offers High Availability, high performance cluster and scale out storage, and backup and disaster recovery appliances.

4Stop

4Stop

4Stop is a global KYC, compliance and anti-fraud risk management company.

Osirium

Osirium

The Osirium PxM Privileged Access Management platform addresses both security and compliance requirements by defining who gets access to what and when.

iosiro

iosiro

iosiro was created to guide companies through securely using blockchain technologies. We help teams launch and manage ICOs, deploy secure dApps, and integrate private networks into business practices.

Mendoza Ventures

Mendoza Ventures

Mendoza Ventures is a venture capital fund focusing on pre-seed Artificial Intelligence (AI), Fintech, and Cybersecurity startups.

White Bullet

White Bullet

White Bullet’s risk profiling AI detects, dynamically scores and flags unsafe domains, apps and advertising.

Conversant Group

Conversant Group

Conversant Group is an IT infrastructure and security consulting company, providing technical, organizational, procedural, and process consulting internationally.

MoogleLabs

MoogleLabs

MoogleLabs leverage AI/ML, Blockchain, DevOps, and Data Science to come up with the best solutions for diverse businesses.

FortiGuard Labs

FortiGuard Labs

FortiGuard Labs is the threat intelligence and research organization at Fortinet. Its mission is to provide Fortinet customers with the industry’s best threat intelligence.

Nclose

Nclose

Nclose is a proudly South African cyber security specialist that has been securing leading enterprises and building our security portfolio since 2006.

Vertek

Vertek

Vertek is a leading provider of operations consulting, end-to-end business process outsourcing, business intelligence, software applications and managed cybersecurity solutions.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

Aegis Cyber Defense Systems

Aegis Cyber Defense Systems

AEGIS is a powerful cybersecurity tool that can help protect your devices and networks from cyber threats, and increase performance.

Zenzero

Zenzero

Zenzero simplifies technology adoption and supports our customers through managed and outsourced IT support.

OpenAI

OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity.

QPoint Technologies

QPoint Technologies

QPoint provides solutions and consulting in areas including software engineering, testing, cybersecurity, ICT, web, mobile, project management, and complex integration processes.