Employees hide IT security incidents in 40% of businesses around the world – that’s according to a new report from Kaspersky Lab and B2B International, “Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within”.

 

With 46% of IT security incidents caused by employees each year, this business vulnerability must be addressed on many levels, not just through the IT security department.

 

Walking hackers to your door

 

Uninformed or careless employees are one of the most likely causes of a cybersecurity incident – second only to malware. While malware is becoming more and more sophisticated, the sad reality is that the evergreen human factor can pose an even greater danger.

 

In particular, employee carelessness is one of the biggest chinks in corporate cybersecurity armor when it comes to targeted attacks. While advanced hackers might always use custom-made malware and hi-tech techniques to plan a heist, they will likely start with exploiting the easiest entry point – human nature.

 

According to the research, every third (28%) targeted attack on businesses in the last year had phishing/social engineering at its source. For example, a careless accountant could easily open a malicious file disguised as an invoice from one of a company’s numerous contractors.

This could shut down the entire organization’s infrastructure, making the accountant an unwitting accomplice to attackers.

 

“Cybercriminals often use employees as an entry point to get inside the corporate infrastructure. Phishing emails, weak passwords, fake calls from tech support – we’ve seen it all. Even an ordinary flash card dropped in the office parking lot or near the secretary’s desk could compromise the entire network – all you need is someone inside, who doesn’t know about, or pay attention to security, and that device could easily be connected to the network where it could reap havoc,” says David Jacoby, Security Researcher at Kaspersky Lab.

 

Sophisticated targeted attacks do not happen to organizations every day – but conventional malware does strike at mass. Unfortunately though, the research also shows that even where malware is concerned, unaware and careless employees are also often involved, causing malware infections in 53% of incidents.

 

Hide and seek: why HR and top management should get involved

 

Staff hiding the incidents they have been involved in may lead to dramatic consequences, increasing the overall damage caused. Even one unreported event could indicate a much larger breach, and security teams need to be able to quickly identify the threats they are up against to choose the right mitigation tactics.

 

But staff would rather put organizations at risk than report a problem because they fear punishment, or are embarrassed that they are responsible for something going wrong.

 

Some companies have introduced strict rules and impose extra responsibility on employees, instead of encouraging them to simply be vigilant and cooperative. This means that cyberprotection not only lies in the realm of technology, but also in an organization’s culture and training. That’s where top management and HR need to get involved.

 

“The problem of hiding incidents should be communicated not only to employees, but also to top management and HR departments. If employees are hiding incidents, there must be a reason why. In some cases, companies introduce strict, but unclear policies and put too much pressure on staff, warning them not to do this or that, or they will be held responsible if something goes wrong. Such policies foster fears, and leave employees with only one option – to avoid punishment whatever it takes. If your cybersecurity culture is positive, based on an educational approach instead of a restrictive one, from the top down, the results will be obvious,” comments Slava Borilin, Security Education Program Manager at Kaspersky Lab.

 

Borilin also recalls an industrial security model, where a reporting and ‘learn by mistake’ approach are at the heart of the business. For instance, in his recent statement, Tesla’s Elon Musk requested every incident affecting worker safety to be reported directly to him, so that he can play a central role in change.

 

The human factor: corporate climate and beyond

 

Organizations around the world are already waking up to the problem of their staff making their businesses vulnerable: 52% of companies surveyed admit that staff are the biggest weakness in their IT security.

 

The need to implement personnel-focused measures is becoming more and more evident: 35% of businesses are looking to improve security through delivering training to staff, making this the second most popular method of cyber defense, second only to the deployment of more sophisticated software (43%).

 

The best way of protecting organizations from human-related cyberthreats is to combine the right tools with the right practices. This should involve HR and management efforts, to motivate and encourage employees to be watchful and seek help in the case of an incident.

 

Security awareness training for staff, delivering clear guidelines instead of multipage documents, building strong skills and motivation and fostering the right working atmosphere, are the first steps organizations should take.

 

In terms of security technologies, most of the threats aimed at targeting unaware or careless employees – including phishing – can be addressed with endpoint security solutions. These can cover the particular needs of SMB and enterprise companies in terms of functionality, pre-configured protection or advanced security settings, to minimize risks.

 

To read the full report “Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within”, visit our blog.


RECOMMENDED ARTICLE FOR TECHWORLD


 
Must-Have Christmas Bundles on Your Shopping List
Techworld Date Posted: 14 December 2018 4:45 PM | 296 Views
Everyone’s favourite holiday is a few carols away. To help everyone check off items on their holiday shopping lists, HMD Global, the home of Nokia phones, offers timely and reliable gift ideas that will.... See More
 
Must-Have Christmas Bundles on Your Shopping List
Techworld Date Posted: 4:45 PM | 296 Views
Everyone’s favourite holiday is a few carols away. To help everyone check off items on their holiday shopping lists, HMD Global, the home of Nokia phones, offers timely and reliable gift ideas that will...See More

 
Alita: Battle Angel Hypes Up with AOC and 21st Century Fox’s Exclusive Sneak Peek in IMAX Theatre
Techworld Date Posted: 18 December 2018 10:48 AM | 393 Views
AOC, a global-leader in display technology, and Twentieth Century Fox Film Corporation once again joined forces as promotional partners for an exclusive sneak peek of Alita: Battle Angel at the IMAX Theater in SM.... See More
 
Alita: Battle Angel Hypes Up with AOC and 21st Century Fox’s Exclusive Sneak Peek in IMAX Theatre
Techworld Date Posted: 10:48 AM | 393 Views
AOC, a global-leader in display technology, and Twentieth Century Fox Film Corporation once again joined forces as promotional partners for an exclusive sneak peek of Alita: Battle Angel at the IMAX Theater in SM...See More

 
Pascual Laboratories Partners with ePLDT, PLDT Enterprise to Address ‘Long Distance Work Relationship’
Techworld Date Posted: 25 October 2018 2:19 PM | 429 Views
ePLDT, the industry-leading enabler of digital enterprise solutions in the Philippines, and PLDT Enterprise — the B2B arm of PLDT — recently entered into a strategic engagement with one of the Philippines’ top pharmaceutical.... See More
 
Pascual Laboratories Partners with ePLDT, PLDT Enterprise to Address ‘Long Distance Work Relationship’
Techworld Date Posted: 2:19 PM | 429 Views
ePLDT, the industry-leading enabler of digital enterprise solutions in the Philippines, and PLDT Enterprise — the B2B arm of PLDT — recently entered into a strategic engagement with one of the Philippines’ top pharmaceutical...See More

 
Lenovo™ and Disney Bring New Multiplayer Mode to Star Wars™: Jedi Challenges Augmented Reality Experience
Techworld Date Posted: 8 May 2018 10:28 AM | 164 Views
For the first time in Star Wars: Jedi Challenges, Star Wars fans can have lightsaber battles against each other in local multiplayer mode, the newest feature expansion for the smartphone-powered augmented reality (AR) experience.... See More
 
Lenovo™ and Disney Bring New Multiplayer Mode to Star Wars™: Jedi Challenges Augmented Reality Experience
Techworld Date Posted: 10:28 AM | 164 Views
For the first time in Star Wars: Jedi Challenges, Star Wars fans can have lightsaber battles against each other in local multiplayer mode, the newest feature expansion for the smartphone-powered augmented reality (AR) experience...See More

 
NVIDIA® Sponsors Dota 2 Hotshots TNC Pro Team
Techworld Date Posted: 19 January 2018 5:00 PM | 1676 Views
NVIDIA® today announced its sponsorship of TNC Pro Team, a leading team of gamers in Defense of the Ancients 2, commonly known as Dota 2.. See More
 
NVIDIA® Sponsors Dota 2 Hotshots TNC Pro Team
Techworld Date Posted: 5:00 PM | 1676 Views
NVIDIA® today announced its sponsorship of TNC Pro Team, a leading team of gamers in Defense of the Ancients 2, commonly known as Dota 2.See More

 
Streaming Movie Baywatch (2017)
Techworld Date Posted: 16 September 2017 9:37 AM | 197 Views
Fast-paced, on-the-go, and with a crucial priority for high-speed connectivity, the world today has increasingly higher and higher demands for the best Internet performance-and your Small Office/Home Office (SOHO) environment is no exception. Powered.... See More
 
Streaming Movie Baywatch (2017)
Techworld Date Posted: 9:37 AM | 197 Views
Fast-paced, on-the-go, and with a crucial priority for high-speed connectivity, the world today has increasingly higher and higher demands for the best Internet performance-and your Small Office/Home Office (SOHO) environment is no exception. Powered...See More

 
ADATA Launches the IM2S3164, an Industrial-Grade 3D NAND SSD
Techworld Date Posted: 28 February 2019 2:34 PM | 157 Views
ADATA Technology a leading manufacturer of high-performance DRAM modules, NAND Flash products, and mobile accessories has launched the IM2S3164 industrial-grade SATA III solid-state drive.. See More
 
ADATA Launches the IM2S3164, an Industrial-Grade 3D NAND SSD
Techworld Date Posted: 2:34 PM | 157 Views
ADATA Technology a leading manufacturer of high-performance DRAM modules, NAND Flash products, and mobile accessories has launched the IM2S3164 industrial-grade SATA III solid-state drive.See More

 
10 Years in the Making: NVIDIA® Brings Real-Time Ray Tracing to Gamers with GeForce® RTX™
Techworld Date Posted: 22 August 2018 2:04 PM | 253 Views
NVIDIA® has unveiled the GeForce® RTX™ series, the first gaming GPUs based on the new NVIDIA® Turing™ architecture and the NVIDIA® RTX™ platform, which fuses next-generation shaders with real-time ray tracing and all-new AI.... See More
 
10 Years in the Making: NVIDIA® Brings Real-Time Ray Tracing to Gamers with GeForce® RTX™
Techworld Date Posted: 2:04 PM | 253 Views
NVIDIA® has unveiled the GeForce® RTX™ series, the first gaming GPUs based on the new NVIDIA® Turing™ architecture and the NVIDIA® RTX™ platform, which fuses next-generation shaders with real-time ray tracing and all-new AI...See More

 
IoT under fire: Kaspersky detects more than 100 million attacks on smart devices in H1 2019
Techworld Date Posted: 25 October 2019 9:35 AM | 308 Views
IoT under fire: Kaspersky detects more than 100 million attacks on smart devices in H1 2019. See More
 
IoT under fire: Kaspersky detects more than 100 million attacks on smart devices in H1 2019
Techworld Date Posted: 9:35 AM | 308 Views
IoT under fire: Kaspersky detects more than 100 million attacks on smart devices in H1 2019See More

 
TajMahal: Rare Spying Platform with 80 Malicious Modules, Unique Functionality and No Known Links to Current Threat Actors
Techworld Date Posted: 27 April 2019 9:46 AM | 157 Views
Kaspersky Lab researchers have uncovered a technically sophisticated cyberespionage framework that has been active since at least 2013 and appears to be unconnected to any known threat actors. The framework, which researchers have named.... See More
 
TajMahal: Rare Spying Platform with 80 Malicious Modules, Unique Functionality and No Known Links to Current Threat Actors
Techworld Date Posted: 9:46 AM | 157 Views
Kaspersky Lab researchers have uncovered a technically sophisticated cyberespionage framework that has been active since at least 2013 and appears to be unconnected to any known threat actors. The framework, which researchers have named...See More


Power by

Download Free AZ | Free Wordpress Themes