A Leading Cause of Successful Cyberattacks? Your Employees

Uninformed employees might be a company’s biggest threat when it comes to cybersecurity, at least according to a report released by Kaspersky Lab earlier this week.

More than 4,000 businesses from 25 countries were surveyed about “their perceptions of the main security threats they face and the measures used to combat them.” According to the survey results, North American businesses claim that two of the top causes of the most serious data breaches they’ve encountered came about because of careless or uninformed employee actions (59 percent) and phishing/social engineering (56 percent). The report also confirms cyberattacks on businesses are common throughout the world.

The report, Business Perception of IT Security: In the Face of an Inevitable Compromise, revealed that perception and reality line up when it comes to a business’s employees. “A top concern of North American businesses and a leading cause of successful cyberattacks in these organizations are also the most important asset: their employees,” according to a press release about the report published on Business Wire.

With this in mind, it’s more important than ever for business leaders to ensure their employees are educated on company policies and procedures for navigating security threats in the workplace.

“The most important finding is the companies’ points of vulnerability: threats like employee carelessness and data exposure due to inappropriate sharing of device theft,” said Veniamin Levtsov, vice president, enterprise business at Kaspersky Lab. “Such challenges cannot be addressed by a technology or algorithm, instead they require better employee awareness and regular training. Adding targeted attacks, issues related to cloud services and IT outsourcing to the context reveals a need for an integrated approach: well-proven technologies to prevent widespread cyberthreats; intelligent systems to analyze the workflow, detect potential weak points and targeted attacks; security expertise, awareness and training to address a company’s general resistance towards current and potential threats.”

Other key findings from the report include:

  • 43 percent of businesses experienced data loss due to a cybersecurity incident
  • Data protection is the top priority, with 80 percent of businesses saying that this is their major concern
  • 54 percent of businesses say they face challenges understanding how to address inappropriate usage or sharing data via mobile devices, the most vulnerable area of expertise facing organizations
  • Overall, 37 percent of businesses experienced at least one phishing attack, 17 percent of businesses suffered a DDoS attack, and 20 percent of businesses worldwide reported an incident involving ransomware

The report’s Executive Summary had this to say: “it’s clear the threats businesses are increasingly concerned about, such as targeted attacks, exploitation of mobile devices and ransomware, call for new approaches. What’s required is a new way of thinking which aligns perception with reality to create protection that addresses concerns and vulnerabilities at the same time.”
