Hackers mainly capitalise on staff weaknesses to strike

Employees are the most likely source of cybersecurity incidents in an organisation, second only to malware, a report by Kaspersky has revealed.

According to the global research, one out of three targeted attacks on businesses in the last year had phishing or social engineering at its source. For example, a careless accountant could easily open a malicious file disguised as an invoice from one of a company’s numerous contractors. This could shut down the entire organisation’s infrastructure, making the accountant an unwitting accomplice to attackers.

Employee carelessness is thus one of the biggest chinks in corporate cybersecurity armour when it comes to targeted attacks. While advanced hackers might always use custom-made malware and hi-tech techniques to plan a heist, they will likely start with exploiting the easiest entry point – human nature.

“Cybercriminals often use employees as an entry point to get inside the corporate infrastructure. Phishing emails, weak passwords, fake calls from tech support – we’ve seen it all. Even an ordinary flash card dropped in the office parking lot or near the secretary’s desk could compromise the entire network,” says David Jacoby, Security Researcher at Kaspersky Lab. “All you need is someone inside, who doesn’t know about, or pay attention to security, and that device could easily be connected to the network where it could cause havoc.”

It was further noted that employees hide IT security incidents in 40 per cent of businesses globally. With 46 per cent of global IT security incidents caused by employees each year, this vulnerability must be addressed on many levels, not just through the IT security department.

While malware is becoming more sophisticated, the sad reality is that the human factor can pose an even greater danger.