A study released by Kaspersky Labs early in 2018 revealed that, out of almost 8000 employees surveyed by the antivirus provider, a little over a tenth were actively informed on their organization’s cybersecurity guidelines. 49 percent responded that they saw cyberthreat protection as a responsibility for all company personnel, and almost a quarter said that they were unaware that their organizations even had network security policies in place. Kaspersky had earlier reported in 2017 that nearly half of IT security incidents experienced by enterprises each year were caused by employees. It also discovered that approximately 40 percent of businesses worldwide had found employees concealing cybersecurity breaches to avoid being penalized, including about 42 percent of the SMBs surveyed.
Several cybersecurity dangers may arise from uninformed employees, including networks being exposed to malware from phishing emails or dummy websites. The widespread use of mobile devices among personnel also creates serious vulnerabilities, as employees may use their smartphones to access or transfer company data. Many organizations ignore or overlook data protection for personal and company mobile devices, which leads to an increased level of exposure to external threats in this area. As smartphones and tablets are essentially smaller computers, they are just as susceptible as desktop machines, if not more so, to becoming infected with malware.
Hackers have transitioned to social engineering strategies to identify and lure in targets, which allows them to more carefully select company personnel who will provide them with a greater return for their efforts. Employees who act as gatekeepers of sensitive organizational data are more valuable potential victims of a phishing attack, since they will have login access to this digital information. Human resources, accounting, and other staff who have to manage critical corporate data to fulfill their roles are the most likely candidates. Executives are also more liable to become targets of hackers seeking entryways into company databases, and cybercriminals have developed special campaigns around attempting to breach the cyber defenses of C-level officers.
Cybersecurity ignorance among employees at every level of your organization represents a significant vulnerability that can be exploited by attackers looking to acquire your data or your clients’ data. Managing network security is effectively a case of maintaining the strength of the weakest link. Every employee whose role requires them to be connected to the network has to know what can expose them to cyber threats, what techniques can be used to overcome vulnerabilities, and what the signs of a possible cyber attack are. Most importantly, everyone must be ready to report a breach if they believe they might have been hacked.
One of the first lines of defense against network threats is employee cyber readiness, and that can only be achieved with the right training. Sign up for our Phishing Defender solution to receive access to cybersecurity training resources and employee testing that will help prepare your personnel for a potential cyber attack.