A new study shows a vast majority of C-level executives see employee negligence as one of their most pressing security risks.
When most security professionals think about “insider risk”, thoughts turn to the malicious insider. And rightly so: as an industry we are so focused on the malicious external attacker that we assume the insider must be an evildoer as well.
But new research shows that malice isn’t always the root of the problem; according to the 2018 State of the Industry report from document destruction company Shred-It, employee negligence should be getting serious focus. Negligence encompasses both employee action and inaction: failing to follow security protocol, opening suspicious email attachments, losing company devices containing sensitive data, and so on.
Shred-It found that nearly half of data breaches (47%) reported by C-level execs are caused by human error or accidental loss. Take the case of Florida marketing and data aggregation firm Exactis, which left a database containing 340 million personal data records exposed to the Internet. It wasn’t a malicious act that caused this, but pure employee negligence.
And when employees work remotely, the problem of negligence is exacerbated; Shred-It found that 86% of C-level executives believe the risk of a data breach is higher when employees work remotely. With 88 percent of U.S. mid-size and enterprise organizations and 48 percent of small businesses using flexible and/or off-site working models, this is a material issue.
Regardless of your organization’s working model, the way to counteract employee negligence is to elevate employees’ security awareness. Through security awareness training, organizations instill an “always-on” security mindset in their employees, lowering the risk of becoming a victim of a phishing scam, falling prey to ransomware and other malware attacks, and simply being negligent.
Cyber-attacks are rapidly getting more sophisticated. GDR Group will help train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now and email [email protected] to request a quote for Security Awareness Training and Phishing Testing for your organization.