A new report says that negligent employees are the root cause of most cyber security incidents.
54% of IT professionals point the finger at negligent employees as the main cause of most cyber security issues, according to a report by Keeper Security and the Ponemon Institute. The report, titled “2017 State of Cybersecurity in Small and Medium-sized Businesses,” came out on Tuesday.
The study was conducted by polling 1,000 IT professionals from small and medium-sized businesses across North America and the UK. Their responses shed light on some troubling developments, especially considering how profound an impact cyber security incidents can have on small and medium-sized businesses. According to the National Cyber Security Alliance, 60% of the SMBs that suffer a cyber attack go out of business within six months of the incident.
Per the Ponemon report, over 50% of the SMBs surveyed had experienced a ransomware attack in the past year. And, circling back to negligent employees, 79% of those attacks came as a result of phishing or some other form of social engineering.
Granted, the word “negligent” may be a little harsh considering how convincing some of these attempts are – just the other week we talked about how a college in Canada got phished for nearly $12-million after attackers pretended to be the school’s construction partner – but it is employee error that is allowing many of these attacks to succeed.
The report also found that over 61% of SMBs had been breached in the past year, up from 55% in 2016. The amount of data being stolen during breaches rose as well, from 5,079 records in 2016 to 9,350 this year.
Beyond negligent employees, many of the IT professionals surveyed voiced concerns over their companies’ password policies – or lack thereof. Only 43% of those surveyed said their company had one in place.
Here are a few other key takeaways:
- 50% of US companies’ data can be accessed via employees’ tablets or smartphones.
- 56% of IT professionals believe that IoT devices are their network’s most vulnerable endpoints.
- The report estimates the average price of an attack at over $1-million.