utrecht - Of the IT security incidents that occurred last year at companies worldwide, 46 percent were unintentionally or unconsciously caused by employees. In 40 percent of those cases, the employees concerned tried to hide the incident after the end. That is what Kaspersky Lab reported after research that it performed with B2B International among 5,000 companies worldwide.
According to Kaspersky, ignorant or careless employees are among the most likely causes of cyber security incidents. Only malware scores higher.
With over a quarter, 28 percent, of targeted attacks on companies, phishing or social engineering played a role as a source. '' Phishing emails, weak passwords, phonebook calls from the support department- we've seen it all over. Even a dead-normal USB stick that lies in the office of the office or at the secretary's office can endanger the entire network, 'said David Jacoby of Kaspersky Lab.
According to Kaspersky, workers fearing the consequences would more likely endanger the organization than to report a problem. '' Or they are ashamed that they were responsible for something that went wrong. ''
In some cases, companies introduce strict, but unclear policies and exert too much pressure on employees by warning them not to do certain things because they are otherwise responsible if something goes wrong, said Martijn van Lom of Kaspersky Lab Benelux. '' Such policies promote anxiety culture and leave employees only one option: do everything to avoid punishment. '' He therefore recommends a positive, educational approach based cyber security culture.