In 40% of companies around the world, employees conceal IT security incidents. Given that every year 46% of IT security incidents are caused by employees, action is required at many levels, not just in IT security departments, to eliminate this vulnerability in many companies.
Inviting cybercriminals in
- The consequences of such concealment can be very serious, because every action of cybercriminals, even the smallest, can be followed by a larger attack. Even one small undetected fake e-mail with some harmful attachment can lead to an infection of the whole company. The security department, which will not be informed by the employee, will simply be powerless in such a case - Piotr Kupczyk from Kaspersky Lab Polska tells newsrm.tv.
Cybercriminals often use a company's own employees to infiltrate its infrastructure. Phishing messages, weak passwords, fake calls from support - we've seen it all. Even an ordinary memory card dropped in an office car park or near an employee's desk can cause an infection of the entire network - it only takes someone inside who is unaware of security or pays no attention to it to connect the device to the network, causing great damage as a result.
- An example is an inattentive accountant who opens a harmful attachment, thinking that it is an invoice from one of the company's numerous contractors. After running such a file, the accountant's computer and all the resources it has access to can be infected, and the company can even be paralysed, the expert warns.
Playing hide-and-seek: input needed from HR and top management
Employees often prefer to put the organisation at risk rather than report a problem because they are afraid of being punished or ashamed of being responsible for the situation. Some companies have introduced strict rules and have given employees extra responsibility, rather than simply encouraging them to be vigilant and cooperate. This shows that cyber protection is not only about technology, but also about organizational culture and training, so top management and human resources should also be involved.
The human factor: corporate climate and more
Organizations around the world realize that staff can expose companies to attacks: 52% of the surveyed companies admit that employees are their biggest weak point when it comes to IT security. The need to implement staff-centred measures is becoming increasingly apparent: 35% of companies strive to increase security by organizing employee training - which is the second most popular method of cybersecurity, giving way only to installation more