Kaspersky Lab announced a new report, “Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within,” that found employees hide IT security incidents in 40 percent of businesses across the globe to avoid punishment.
Larger businesses suffered the most from employees hiding security problems.
Employees concealed cybersecurity incidents at 45% of enterprises (over 1,000 employees), at 42% of SMBs (50 to 999 employees), and at only 29% of VSBs (under 49 employees).
The survey also found that uninformed or careless employees are one of the most likely causes of a cybersecurity incident, second only to malware.
The human factor can pose an even greater danger than that ranking suggests.
Employees cause 46% of IT security incidents each year, so nearly half of the security issues businesses face are triggered by employee behavior.
Staff hiding the incidents that they have encountered may lead to dramatic consequences for businesses, increasing the overall damage caused.
Even one unreported event could be the visible part of a much larger breach, and security teams need to identify the threats they face quickly in order to choose the right mitigation tactics.
A culture of reporting incidents and learning from mistakes is the best model, as industrial safety programs have long shown.
For example, Tesla's Elon Musk asked that every incident affecting worker safety be reported directly to him, so that he could play a central role in driving change.
The same approach can be applied to company security.
The survey found that businesses worry the most about employees sharing inappropriate data via mobile devices (47%), the physical loss of mobile devices exposing their company to risk (46%) and the use of inappropriate IT resources by employees (44%).
Advanced attackers may invest in custom-made malware and sophisticated techniques when planning a heist, but they will most probably start with the easiest entry point: the human factor.
According to the research, more than one in four (28%) targeted attacks on businesses in 2016 had phishing or social engineering at its source.
Sophisticated targeted attacks do not hit organizations every day, but conventional malware strikes en masse.
Unfortunately, the research also shows that even where malware is concerned, unaware and careless employees are often involved: they contributed to the infection in more than half (53%) of malware incidents that occurred globally.