Kaspersky Research: Various Reasons For Cyber Incidents Due To Employees

The reason why employees are the cause of the cybersecurity incident occurred in the company (photo: Kaspersky)

JAKARTA - Kaspersky's latest research states that employee violations of information security policies within organizations are as dangerous as external hacker attacks.

The research, which comes from IT workers at APAC MSMEs, revealed that, in addition to original/real errors, the violation of information security policies carried out by employees in the region is one of the biggest problems for the company.

The most common problem is that employees deliberately do what is prohibited and, on the other hand. Therefore, respondents stated that a quarter (25 percent) of cyber incidents in the last two years occurred due to the use of a weak password or failure to change it at the right time.

Another cause of nearly a third (32 percent) of cybersecurity breaches is that staff in Asia Pacific visit unsafe websites. While 31 percent because their employees use an unauthorized system to share data.

Another reason is that staff in other businesses send data to personal email addresses (26 percent), malicious actions taken by employees for personal gain (26 percent), do not update the software or system app when needed (25 percent), and intentionally access data via unauthorized devices (25 percent).

However, another interesting finding is that the intentional violation of information security policies by employees is a relatively large problem in the financial services industry, as reported by 18 percent of respondents in this sector.

"In addition to external cybersecurity threats, there are many internal factors that can cause incidents in any organization," said Alexei Vovk, Head of Information Security at Kaspersky.

Therefore, Vovk broadcasts the importance of considering methods of preventing information security policy violations in ensuring security, for example applying an integrated approach to cybersecurity.