Employee violations of information security policies are as dangerous as hacking, according to a recent study from Kaspersky.
Based on the survey of 234 IT Security professionals from Asia Pacific (APAC), the Kaspersky study revealed that information security policy violations by staff were one of the biggest security challenges for companies.
Around a third (33%) of cybersecurity breaches in APAC were due to intentional security protocol violations by employees, not a huge difference from the 40% of cybersecurity breaches caused by hacking.
Key insights
Senior IT security officers (16%), other IT professionals (15%), and their non-IT colleagues (12%) caused these cyber incidents in the last two years when they breached security protocols.
Cyber incidents in the last two years occurred because of using weak and outdated passwords (35%), visiting unsecured websites (32%), and failing to update system software or applications (25%).
“As the numbers are alarming, it is necessary to create a cybersecurity culture in an organization from the get-go by developing and enforcing security policies, as well as raising cybersecurity awareness among employees.
Thus, the staff will approach the rules more responsibly and clearly understand the possible consequences of their violations,” comments Alexey Vovk, head of Information Security at Kaspersky.
Recommendations
To be safe from staff violations of information security policies, Kaspersky recommends using cybersecurity products with Application, Web, and Device control features that can limit the use of unsolicited apps, control data transfers in and out of the system, and filter content to prevent unsolicited data transmission.