Research recently published by Kaspersky Lab has just confirmed what I have been saying for some time: employees are now the weakest link in the corporate security perimeter. The report, the IT Security Risks Survey 2017, reveals that employees are not only one of the most likely causes of a cyber incident, but are also likely to hide incidents from their employers.
The research reveals that 49% of businesses worldwide report being attacked by malware over the last year. Of these attacks, 53% were mainly caused by careless or uninformed employees, 38% by the loss of hardware (usually mobile devices) and 36% by phishing or social engineering.
The five areas that businesses feel most vulnerable in are:
- inappropriate sharing of data on mobile devices
- physical loss of mobile devices
- inappropriate IT resource use by employees
- incidents that affect suppliers with whom data is shared
- incidents involving non-computing, connected devices
According to the survey, employees at almost half of businesses globally are believed to have hidden IT security incidents in order to avoid punishment, with 45% of enterprises and 42% of SMEs hiding incidents. This is serious because it denies the IT security team the heads-up they need to quickly identify and mitigate the threat, and exposes the business to potentially much more damage and loss of data.
The report quotes an example from a company where an employee took their own device into work and connected it to the corporate network using local administrator rights. The employee opened an attachment on a fake e-mail and their personal files were encrypted by ransomware. Not wishing to admit their mistake, the employee paid the ransom themselves. But paying did not remove the malware from their system, and it eventually found its way into corporate shared folders, where more files were encrypted and a further ransom was demanded from the company, at which point the employee’s action came to light.
This story of lax corporate security, careless action by an employee and then a cover-up is only too common now. It is an excellent example of why a behavioural monitoring solution that plugs into a corporate network and observes activity inside the security perimeter is now so indispensable. These solutions use big data to build up a picture of normal activity inside the network and can very quickly spot anything unusual or suspicious. They can automatically restrict user access rights and immediately alert the system administrator.
Don’t rely on your employees following your IT security policies to the letter, and don’t rely on them telling you if they have made a mistake. Put in place a system that will protect both you and them before it is too late.