• At the same time, staff may lack basic cybersecurity knowledge to protect themselves as only 38% of businesses offer IT security training

A successful corporate cyber-defense is impossible without employees at all levels joining forces. Technology is important to prevent cyberattacks but human factors still play a crucial role, being tied to 85% of incidents. Kaspersky’s global survey of IT business decision-makers provides insights into how well organizations and workers collaborate and protect themselves, their clients and each other.

Despite high-profile cases of data breaches being mainly associated with stealing customer information, personal employee data is very popular with cybercriminals as well. In 2021, more than a third (33%) of organizations weren’t able to provide complete security of their workers’ data and faced incidents involving this type of information.

The fact that 36% of affected organizations haven’t disclosed a breach of personal employee data publicly is a sign that the problem is bigger than it seems. As for the rest, 57% have shared information about an incident proactively and 8% did so after it has been leaked to the media. This shows that this type of leak is the least frequently disclosed, compared to corporate or customer data breaches.

“When an organization faces a cyber-incident, correct crisis communications are no less important than response and recovery actions. There are ever-present risks of data breaches, and businesses should acknowledge that proactive disclosure is preferable to an exposé in the press,” comments Evgeniya Naumova, Executive Vice President, Corporate Business, at Kaspersky. “Appropriate, accurate, and timely communications however, not only minimize the potential reputational damage but can also greatly mitigate direct financial losses. To avoid panic or confusion, a company needs to consider developing a clear crisis plan and train employees in advance. Corporate communications professionals and IT security teams should collaborate to exchange information on cybersecurity insights and determine guides, tools, channels, and language that might be helpful to accurately handle both internal and external communications in case of an emergency,” she continues.

Lack of external knowledge about potential cybersecurity incidents is not usually mitigated by internal efforts. According to the research, only 38% of organizations have already implemented security education and training to ensure that employees are provided with crucial information. In addition, more than a half (76%) of those companies have experienced at least one issue relating to the quality of these services. This includes dissatisfaction with the high complexity of courses and a lack of support or expertise on the part of the training provider.

Employees that had not been provided with basic knowledge about the importance of protective measures, can’t be expected to follow the rules. In 2021, compliance of staff and dealing with insufficient end-user security culture is one of the top three biggest concerns for businesses when it comes to IT security – 38% of respondents cited it among the most alarming issues. In practice, companies regularly face informational security infringements (50%), inappropriate IT resource use (53%), and improper sharing of data via mobile devices (50%).

Breach prevention requires concerted action by everyone who interacts with a corporate system and could be a potential target for attackers. To better secure employees, companies should combine reliable protective measures with maintaining security awareness among their teams. This includes:

  • Ensuring prompt patching and updating of software to prevent adversaries penetrating the system.
  • Implementing high-grade encryption for sensitive data and enforcing strong credentials and multi-factor authentication.
  • Using effective endpoint protection with threat detection and response capabilities to block access attempts, and managed protection services for efficient attack investigation and expert response.
  • Minimizing the number of people with access to crucial data. Breaches are more likely to occur in organizations where too many employees work with confidential and valuable information that can be sold or somehow used.
  • Equipping your employees with the cybersecurity skills they need. Provide education that presents all the necessary and up-to-date information in an engaging format. To save time and receive a quality service, companies should work with globally recognized providers that can ensure an efficient learning process.

-Ends-

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com

[1] https://www.kaspersky.com/blog/employee-wellbeing-2021/ 

Send us your press releases to pressrelease.zawya@refinitiv.com

© Press Release 2022

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.