Why Employees Hide Cyber-Security Incidents

 
 
By Karen A. Frenkel  |  Posted 08-14-2017 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Why Employees Hide Cyber-Security Incidents
    Next

    Why Employees Hide Cyber-Security Incidents

    Uninformed and careless employees are hiding security incidents from their company, but security policies that are not punitive and don't foster fear can help.
  • Previous
    Biggest Chink in Security Armor
    Next

    Biggest Chink in Security Armor

    52% of the businesses surveyed admitted that employees are their biggest weakness in IT security because workers' careless actions put the company at risk.
  • Previous
    Hiding Security Incidents
    Next

    Hiding Security Incidents

    Employees hide security breaches at 40% of businesses, with larger companies most affected. Large companies (over 1000 employees): 45%. SMBs (50 to 999 employees): 42%. Very small businesses (49 or fewer employees): 29%
  • Previous
    Uninformed or Careless Employees
    Next

    Uninformed or Careless Employees

    In addition to employees who hide incidents, 46% of IT security incidents are caused by uninformed or careless employees.
  • Previous
    Human Factor Is Evergreen
    Next

    Human Factor Is Evergreen

    Although malware becomes more sophisticated daily, the human factor is evergreen and can pose an even greater danger.
  • Previous
    Malicious Staff
    Next

    Malicious Staff

    30% of the security events that took place during the past 12 months involved staff members working against their own employer.
  • Previous
    What Businesses Fear Most About Employees
    Next

    What Businesses Fear Most About Employees

    Sharing inappropriate data via mobile devices: 47% Loss of mobile devices, exposing company data: 46% Employees' inappropriate use of IT resources: 44%
  • Previous
    Employees, Viruses and Malware
    Next

    Employees, Viruses and Malware

    Of those companies that experienced virus and malware incidents, 53% said careless and uninformed employees were the top contributing factors. 36% think phishing and social engineering contributed to the attack.
  • Previous
    Employees and Targeted Attacks
    Next

    Employees and Targeted Attacks

    27% of the businesses surveyed were victims of targeted attacks—a 6% rise since last year. Of these, 28% believe phishing and social engineering contributed to the attack.
  • Previous
    Employee Actions and Data Leaks
    Next

    Employee Actions and Data Leaks

    46% of respondents confirmed that security incidents resulted in their business' data being leaked or exposed because of employee actions.
  • Previous
    Types of Information Lost
    Next

    Types of Information Lost

    28% of respondents have lost highly sensitive or confidential customer and employee information because of irresponsible workers, and 25% have lost payment information.
  • Previous
    Concerns About BYOD Persist
    Next

    Concerns About BYOD Persist

    33% of businesses worldwide are still concerned about BYOD, and 48% worry about employees inappropriately sharing company data via mobile devices.
  • Previous
    Weak Policies
    Next

    Weak Policies

    An IT security policy is not enough because 44% of employees don't follow it, and only 26% of companies enforce it.
  • Previous
    Recommendations
    Next

    Recommendations

    Train all employees to pay attention to cyber-threats and countermeasures. Install security updates to ensure anti-malware protection is on. Have workers make it a priority to manage their personal passwords.
 

Workers are hiding cyber-security incidents from their employers, according to a new study, thereby increasing overall damage. The consequences can be dire. Just one unreported incident may indicate a much larger breach, and security teams must be able to quickly identify threats in order to choose the right mitigation tactics. The report, "The Human Factor In IT Security: How Employees Are Making Businesses Vulnerable From Within," was conducted by Kaspersky Lab and B2B International. "If employees are hiding incidents, there must be a reason why," said Slava Borilin, security education program manager at Kaspersky Lab. "In some cases, companies introduce strict but unclear policies and put too much pressure on staff, warning them not to do this or that, or they will be held responsible if something goes wrong. Such policies foster fears and leave employees with only one option—to avoid punishment, whatever it takes." He recommends a positive cyber-security culture based on an educational rather than a restrictive approach from the top down. 5,000 businesses worldwide participated in the study.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register