Kaspersky: Employees Hide The Incidents Of Penetration

Jul

17

2017

Kaspersky: Employees Hide The Incidents Of Penetration In 53% Of Companies In The UAE

Employees are hiding IT breakthroughs in 53% of companies operating in the UAE, according to a new report by Kaspersky Lab and B2B International, “The Impact of the Human Factor on IT Security: How Employees Make Companies Vulnerable to Internal Security Breakthrough ” .

As employees account for 46% of global and worldwide security breaches, Kaspersky Lab believes it is necessary to redress these emerging corporate vulnerabilities by collaborating among different departments, not just through IT security management.

According to the report, uninformed or indifferent employees are among the most likely causes of cyber security incidents, and come second only to malware attacks. “Although malware has become more sophisticated and complex, the sad fact is that the renewed human factor may pose far greater risks.”

Kaspersky Lab’s report pointed out that employee apathy, in particular, is one of the biggest loopholes in corporate e-security when it comes to targeted attacks. With the most sophisticated hackers likely to use custom-designed malware and sophisticated technology to plan piracy and burglary operations, they often launch their attacks by exploiting the weakest and easiest link to access the victim’s network – human or personnel.

According to the study, 26 per cent of targeted attacks on companies in the United Arab Emirates last year included characteristics of phishing attacks / social engineering at source. For example, an indifferent accountant may open a malignant file that has been stamped in the form of an invoice received from one of the company’s many contractors. This fatal error alone may disrupt the entire infrastructure of the organization, making this accountant the unintended partner of the attacker.

“Cybercriminals often take the company’s employees into a gateway to the company’s infrastructure,” says David Jacoby, a security researcher at Kaspersky Lab. We have seen all kinds of attacks, such as e-mail hunting, hacking of weak passwords, phishing calls received by technical support, etc. ”

“One of the normal flash cards lying in a parking lot or near the secretary’s office can also cause a breach of the entire network of the company. The disaster could happen by someone inside who does not know what is going on around him, Security, and we see it quickly binds this device to the network, and thus cause the occurrence of this breakthrough, which causes great damage.

Kaspersky Lab pointed out that sophisticated attacks against companies do not occur daily, but traditional malware strikes collectively and widely. “Unfortunately, the study shows that even when it comes to malware, employees who are indifferent, unconscious and negligent often play a role, causing malicious infections to spread in 55% of the UAE’s penetration,” she said.

In Kaspersky Lab’s view, staff hiding the infiltrations involved could have serious consequences and exacerbate the overall damage. The mere omission of one security incident can indicate a much larger breakthrough, and security teams need to be able to quickly identify the threats they may face to choose appropriate remedial action.

However, some employees prefer to expose the company to risk rather than report any problem they face, either because they fear punishment or are embarrassed that they are responsible for making the mistake. Some companies have applied strict rules and imposed increased liability on staff, rather than encouraging them to be more cautious and vigilant. This leads to the fact that the protection of Internet security is not limited to technology alone, but also to the company’s business approach and training programs. Here comes the role of human resources and senior management.

“Awareness of the problem of concealment of infiltrations should not be limited to staff only, but should also include senior management and human resources management,” commented Salva Borrellen, Director of Kaspersky Lab’s Security Awareness Program. If the staff hide any of these cases, there must be a reason for them to do so. ”

“In some cases, companies apply tough but somewhat ambiguous policies and put enormous pressure on employees and warn them not to repeat it again, otherwise they will be held responsible for any mistakes made. These policies will instill fears in the staff so that they have only one choice to avoid punishment at all costs. If the culture of e-security in companies is positive and based on educational and educational basis, rather than those based on the top-down restrictions of the management hierarchy, the results will certainly be positive. ”

Borrellen also recalls the industrial security model based on reporting and the “learning by mistake” approach. For example, in a recent comment, Elon Mask, chief executive of Tesla, asked him to be immediately informed of any situation affecting the safety of any employee, so that he could play an essential role in the movement for change.

Kaspersky Lab noted that companies around the world are already aware that their employees are making their companies vulnerable to security breaches, with 57% of companies in the UAE recognizing employees as the biggest weakness in their IT security. The need for staff-based procedures is becoming clearer: 39% of companies in the UAE are seeking to improve security by offering training to employees, making it the second most widely used method of e-defense. It is only second in terms of implementing the most advanced programs, according to 39% of UAE companies.

Thus, the best way to protect companies from e-threats related to the human factor is to combine the right tools and appropriate practices. This requires the involvement of human resources and senior management efforts to motivate and encourage staff to be vigilant and seek help in the event of a breakthrough. Training aimed at raising staff awareness and providing clear guidance instead of distributing multi-page brochures, as well as developing and refining staff-based professional skills and creating a stimulating and interactive working environment are the first steps companies should take.

With regard to security technology, most of the threats designed to target employees unaware of security risks or apathy, including phishing attacks, can be addressed and prevented by endpoint security solutions that have the capacity to meet these needs, Where their properties are installed or can be defined in advance to determine the type of protection or advanced security settings available therein, in order to reduce risk.

Viewing:-92

In: Technology & Gadgets Asked By: [17265 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »