One in four workers have hidden cyber security incidents from employers

One in four workers have hidden cyber security incidents from their employers in order to avoid punishment, according to a new report exploring the human side of security.

According to research by Kaspersky Lab, employees at 40 per cent of firms around the world have swept incidents under the carpet, with the likelihood increasing at larger organisations.

45 per cent of enterprises with more than 1,000 employees, 42 per cent of SMEs with between 50 and 999 workers and 29 per cent of small businesses with fewer than 50 workers have had employees hide incidents – a potentially costly trend that hinders efforts to make firms more secure.

“The problem of hiding incidents should be communicated not only to employees, but also to top management and HR departments,” said Slava Borilin, security education programme manager at Kaspersky Lab. “If employees are hiding incidents, there must be a reason why.

“In some cases, companies introduce strict, but unclear policies and put too much pressure on staff, warning them not to do this or that, or they will be held responsible if something goes wrong.

“Such policies foster fears, and leave employees with only one option — to avoid punishment whatever it takes. If your cyber security culture is positive, based on an educational approach instead of a restrictive one, from the top down, the results will be obvious.”

The survey also found that uninformed and careless employees were one of the most common causes of cyber incidents. The results showed they were second only to malware. Accordingly, businesses’ three biggest cyber security fears all centre around the human factor.

47 per cent of firms worry about employees sharing inappropriate data via mobile devices, 46 per cent are concerned about the loss of mobile devices and 44 per cent fear the inappropriate use of IT resources by employees could expose them to security risks.

“Cyber criminals often use employees as an entry point to get inside the corporate infrastructure. Phishing emails, weak passwords, fake calls from tech support – we’ve seen it all,” said David Jacoby, security researcher at Kaspersky Lab. “Even an ordinary flash card dropped in the office parking lot or near the secretary’s desk could compromise the entire network.

“All you need is someone inside who doesn’t know about or pay attention to security and that device could easily be connected to the network where it could wreak havoc.”

For more from the survey, see the Kaspersky Lab website.


Photo © Ervins Strauhmanis (CC BY 2.0). Cropped.