Employees are almost as dangerous to business security as hackers and cybercriminals

Non-malicious insiders are among the top three threat actors, according to an ISACA report.

5 reasons your employees are a security threat to your business Recent research indicates that employees are responsible for a large percentage of cybersecurity incidents. Here are five ways they're creating vulnerabilities.

Cyberattack volume continues to increase, but many of these attacks go unreported, according to Monday's 2019 State of Cybersecurity Study from IT and cybersecurity association ISACA.

Of the 1,500 cybersecurity managers and practitioners surveyed globally, about half reported an increase in cybersecurity attacks on their organization this year. Nearly 80% said it is likely that they will experience an attack next year, the report found.

SEE: 27 ways to reduce insider security threats (free PDF) (TechRepublic)

Top attack vectors remained nearly the same year over year, according to the report. Here are the top three threat actors to businesses:

  1. Cybercriminals (32%)
  2. Hackers (23%)
  3. Non-malicious insiders (15%)

The fear of employee errors causing cybersecurity breaches is well-documented. Employee mistakes and system errors are a larger threat to data security than hackers or insiders, one report found, while 75% of IT professionals say they are vulnerable to insider threats, another survey said.

Employees who inadvertently cause a security incident may find themselves in big trouble: 33% of CEOs surveyed said they would terminate the contract of employees who were responsible for a data breach, a recent Nominet report found.

In terms of attack types, phishing, malware, and social engineering topped the list for the third year in a row, the report found.

Underreporting cybercrime is also an issue, the report found: Half of all cybersecurity professionals surveyed said they believe most enterprises underreport cybercrime, even when it is required to do so.

Also concerning is the finding that only one in three cybersecurity leaders reported having high levels of confidence in their cybersecurity team's ability to detect and respond to cyberthreats.

"The cyber landscape is complex. Cybersecurity, though in focus today, suffers from a siloed
and static approach," Renju Varghese, fellow and chief architect of cybersecurity and GRC at HCL Technologies Ltd, said in a press release. "Many teams are missing the attacks that significantly impact organizations because they don't have the size or expertise to keep up with the attackers and are overwhelmed. Moreover, their existing security tools and processes are segregated and seldom work in tandem, leaving the teams staring at multiple consoles and drowning in alerts and incidents."

To improve your organization's cybersecurity posture, professionals should analyze their company's cyber reporting structure, prevalent attack methods, and team readiness to increase resilience to threats, the report noted.

For more, check out How to improve cybersecurity for your business: 6 tips on TechRepublic. 

Also see