Employee violations of an organisation’s information security policies are as dangerous as external hacker attacks according to a recent study from Kaspersky. In the last two years, 33% of cyber incidents in businesses in Asia Pacific (APAC) occurred due to employees intentionally violating security protocol it noted.
This figure is almost equal to the damage caused by cybersecurity breaches, 40% of which occurred because of hacking. These numbers are a tad higher than the global average of 26% and 30%, respectively. There is a well-established perception that human error is one of the main causes of cyber incidents in business.
The state of an organization’s cybersecurity is more complicated than that and more factors come into the equation. With this in mind, the security company conducted a study to find out the opinions of IT Security professionals working for SMEs and Enterprises worldwide on the impact people have on cybersecurity in a company. The research was aimed at gathering information about different groups of people influencing cybersecurity, considering both internal staff, and external actors.
A total of 234 respondents from APAC were surveyed. The study revealed that, in addition to genuine errors, information security policy violations by employees from the region were one of the biggest problems for companies. Respondents from organisations in APAC claimed that intentional actions to break the cybersecurity rules were made by both non-IT and IT employees in the last two years. They said policy violations such as these by senior IT security officers caused 16%of cyber incidents in the last two years, 4% higher than the global average. Other IT professionals and their non-IT colleagues brought about 15% and 12% of cyber incidents respectively when they breached security protocols.
In terms of individual employee behavior, the most common problem is that employees deliberately do what is forbidden and, conversely, they fail to perform what’s required. Thus, respondents claim that a quarter (35%) of cyber incidents in the last two years occurred due to the use of weak passwords or failure to change them in a timely manner. This is 10% higher
than the global result of 25%.
The survey was conducted across 19 countries: Brazil, Chile, China, Colombia, France, Germany, India, Indonesia, Japan,
Kazakhstan, Mexico, Russia, Saudi Arabia, South Africa, Spain, Turkey, UAE, UK and USA.
Another cause of almost one third (32%) of cybersecurity breaches were the result of staff in APAC visiting unsecured websites. Another 25% report they faced cyber incidents because employees did not update the system software or applications when it was required.
