Incorrect behavior by employees was responsible for over a third of all German cyber incidents in the last two years. In 17 percent of cases, they acted with bad intentions and for their own good.
Companies face different security risks; Employees are more often responsible for security incidents than hackers. These results come from a recent Kaspersky survey. In companies in Germany that experienced security incidents in the past two years, 37 percent were due to human error and 30 percent were due to protocol violations; Hackers only made up 27 percent.
IT specialists also ignore security rules
The Kaspersky study shows that cybersecurity rules are also ignored - sometimes consciously - by IT employees. 15 percent of incidents in companies in Germany were caused by deliberate violations by IT specialists, and in another eight percent IT security officers were even responsible for this; Eleven percent of the intentional violations were committed by non-IT employees.
Almost one in three security incidents (30 percent) were due to an employee's reaction to a phishing attack. However, the security incidents were often related to negligence: 19 percent of the incidents occurred due to system or application software not being updated at the required time. Another 17 percent were due to visiting unsafe websites and XNUMX percent were due to using weak passwords or passwords that were not changed in a timely manner.
Employees used unauthorized devices
The frequent use of unauthorized devices or shadow software is also alarming. In more than one in five companies (21 percent), incidents occurred because employees used unauthorized systems to exchange data. In just as many companies, sending data to private email addresses led to cybersecurity incidents. In 19 percent of cases, employees used unauthorized devices to access data or unauthorized shadow IT on work devices.
Companies continue to struggle with intentional misconduct by employees. In 17 percent of incidents in companies in Germany, employees acted with malicious intent and for their own benefit. This behavior is particularly widespread worldwide in the financial sector: In more than one in three companies (34 percent), such deliberate and targeted security breaches by employees occurred.
More at Kaspersky.de
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/