Connect with us

Hi, what are you looking for?

HEADLINES

Information security violations by staff do as much harm as hacking in APAC – Kaspersky

There is a well-established perception that human error is one of the main causes of cyber incidents in business. But things are not as black and white. The state of an organization’s cybersecurity is more complicated than that and more factors come into the equation. 

Employee violations of an organization’s information security policies are as dangerous as external hacker attacks according to a recent study from Kaspersky.

In the last two years, 33% of cyber incidents in businesses in Asia Pacific (APAC) occurred due to employees intentionally violating security protocol. This figure is almost equal to the damage caused by cybersecurity breaches, 40% of which occurred because of hacking. These numbers are a tad higher than the global average of 26% and 30%, respectively.

There is a well-established perception that human error is one of the main causes of cyber incidents in business. But things are not as black and white. The state of an organization’s cybersecurity is more complicated than that and more factors come into the equation. 

With this in mind, Kaspersky conducted a study to find out the opinions of IT Security professionals working for SMEs and Enterprises worldwide on the impact people have on cybersecurity in a company. The research was aimed at gathering information about different groups of people influencing cybersecurity, considering both internal staff, and external actors. A total of 234 respondents from APAC were surveyed.

Advertisement. Scroll to continue reading.

The Kaspersky study revealed that, in addition to genuine errors, information security policy violations by employees from the region were one of the biggest problems for companies. 

Respondents from organizations in APAC claimed that intentional actions to break the cybersecurity rules were made by both non-IT and IT employees in the last two years. They said policy violations such as these by senior IT security officers caused 16%of the cyber incidents in the last two years, 4% higher than the global average. Other IT professionals and their non-IT colleagues brought about 15% and 12% of cyber incidents respectively when they breached security protocols. 

In terms of individual employee behavior, the most common problem is that employees deliberately do what is forbidden and, conversely, they fail to perform what’s required. Thus, respondents claim that a quarter (35%) of cyber incidents in the last two years occurred due to the use of weak passwords or failure to change them in a timely manner. This is 10% higher than the global result of 25%. 

Another cause of almost one third (32%) of cybersecurity breaches were the result of staff in APAC visiting unsecured websites. Another 25% report they faced cyber incidents because employees did not update the system software or applications when it was required. 


Results of Kaspersky study for Asia Pacific


“It is alarming to see that despite the several headline-grabbing data breaches and ransomware attacks that happened in the region this year, a lot of employees continue to intentionally breach basic information security policies. With this latest study showing APAC’s numbers always higher than the global average, a multi-department approach to build a strong enterprise cybersecurity culture is urgently needed to address this human-factor gap that is definitely being exploited by cybercriminals,” comments Adrian Hia, Managing Director for Asia Pacific at Kaspersky. 

Advertisement. Scroll to continue reading.

Using unsolicited services or devices is another major contributor to intentional information security policy violations. Nearly one quarter (31%) of companies suffered cyber incidents because their employees used unauthorized systems for data sharing. Employees in 25% of companies intentionally accessed data through unauthorized devices, whilst 26% of staff in other businesses sent data to personal email addresses. Another reported action was the deployment of shadow IT on work devices – 15% of respondents indicate that this led to their cyber incidents. 

Alarmingly, respondents from APAC admit that, besides the irresponsible behavior already mentioned, 26% of malicious actions were committed by employees for personal gain. Another interesting finding was that intentionally malicious information security policy violations by employees were a relatively big issue in financial services, as 18% of respondents in this sector reported. 

“Along with external cybersecurity threats, there are many internal factors that can lead to incidents in any organization. As statistics show, employees from any department, whether it’s non-IT specialists or IT Security professionals, can negatively influence cybersecurity both intentionally and unintentionally. That is why, it is important to consider methods of preventing information security policy violations when ensuring security, i.e. to implement an integrated approach to cybersecurity. According to our research, in addition to 26% of cyber incidents being caused by information security policies violation, 38% of breaches occur due to human mistakes. As the numbers are alarming, it is necessary to create a cybersecurity culture in an organization from the get-go by developing and enforcing security policies, as well as raising cybersecurity awareness among employees. Thus, the staff will approach the rules more responsibly and clearly understand the possible consequences of their violations,” comments Alexey Vovk, Head of Information Security at Kaspersky.

To keep your company’s infrastructure safe from the consequences of employees’ information security policies violations, Kaspersky recommends:

The full report and more insights on the human impact on cybersecurity in business are available via the link.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

Originating from organized crime gangs in China, the new kits provide the technical components needed to implement a specific pig butchering scheme called “DeFi...

HEADLINES

One in two cybersecurity professionals were not able to confirm the usefulness of their academic training when it came to helping them in their...

HEADLINES

Local threats are malware spread through removable media such as flash drives, even CDs and DVDs and other "offline" methods. Worms and file viruses...

HEADLINES

“When it comes to cyber dating, ika nga #Budol is real. We don’t want to find ourselves in the situation where we’re heart broken and...

HEADLINES

According to the study – which interviewed 1,000 people in 21 countries around the world – online daters are keen to take steps to...

HEADLINES

Seven individuals in Quezon City were apprehended for defrauding GCash customers.

HEADLINES

The Security Priorities 2024 report reveals the pressing issues that IT and security leaders must prioritize and advocates for a pivot from traditional, reactive security postures...

HEADLINES

In a study by Kaspersky on digital privacy, almost half of respondents (41%) said they apply additional measures when browsing the Internet to hide their information...

Advertisement