American Companies Vulnerable to Cyberattacks Traced to Human Error
According to a recent study, businesses operating in North America are more likely to be vulnerable to cyberattacks than their counterparts globally. And, even more disturbing, a significant number of those data breaches can be traced to problems related to human error, according to Kaspersky Lab.
The study revealed that 44 percent of companies in North America experienced four or more data breaches within the previous year, compared to 20 percent for companies globally. It also found that careless actions by employees contributed to 59 percent of serious data breaches.
“The key point here is that threats are not necessarily getting more sophisticated. It's the growing attack surface that requires more diverse set of protection methods,” said Veniamin Levtsov of Kapersky Lab.
Another report revealed a similar trend. In the BakerHostetler 2016 Data Security Incident Response Report, human error was linked to the leading cause of breaches in 2015, at 37 percent. Other top incidents were phishing/malware (25 percent), external theft of a device (22 percent), and employee theft (16 percent). In 2016, phishing/malware claimed the No. 1 spot, with 31 percent of all incidents. Human error accounted for 24 percent.
Addressing data protection with employees
Employee training. Institute training throughout the company to inform employees of best practices when it comes to data security policies. Go beyond onboarding training. Host sessions that provide updates on the changing nature of cyber threats, and send out reminders of best practices around data security.
Enforce regulations. As the BakerHostetler report revealed, some data incidents related to employees are intentional — with external theft of a device accounting for 22 percent of incidents in 2015. Outline and enforce penalties related to disregard of the company’s policies.
Encryption. As more employees access company information via mobile devices, including laptops and smartphones, it’s important to upgrade data encryption on those devices.
Limit access. Companies can significantly reduce the number of data security incidents by implementing procedures that restrict access to sensitive data to those employees for which it is essential. Access policies should be reviewed regularly to determine if they need to be updated.