Report exposes reasons behind cybersecurity vulnerabilities

A new report on cybersecurity reveals that simple human error remains one of the principal vulnerabilities that leave organizations open to cyberattacks. The research, carried out by leading cybersecurity and antivirus provider Kaspersky Lab, found that carelessness by employees was at the root of 46 percent of data breaches in the past year. The researchers have suggested that this points to an urgent need for organizations to develop stronger cybersecurity policies and increase awareness of cyberthreats among employees at all levels.

This was further highlighted by other findings in the research, which surveyed almost 8,000 employees of organizations. Of those questioned, only 12 percent said they completely understood their employer’s cybersecurity policies, and a further 24 percent said that the organization in which they work lacks any form of cybersecurity framework.

A narrow minority of the survey’s respondents – 49 percent – agreed that employees share a collective responsibility for keeping their organization protected against cyberattacks, while others divided responsibility between dedicated IT staff and nontechnical workers. This points to another potential issue for small and medium-sized enterprises, where employees use their own laptops, tablets or smartphones to connect to the business network but may not feel a personal responsibility to take precautions against cyberthreats. The problem can be further exacerbated by the lack of access to skilled IT employees and financial resources in smaller and developing businesses.

The report also revealed that within organizations, executives, HR managers and finance specialists – those with greater access to sensitive personal and financial information – were among those at greatest risk of being targeted by criminals in cybersecurity attacks. In a press release, Kaspersky Lab’s Vladimir Zapolyansky said that organizations should focus on improving awareness of the risk of cyberattacks among employees, and look to implement solutions that are strong enough to protect against potential cyberthreats while remaining uncomplicated enough for nontechnical employees to understand and use.