The human factor is a key concern for businesses trying to keep networks secure, according to Kaspersky Lab's State of Industrial Cybersecurity 2018 survey. With 40% of Internet Connection Sharing (ICS) computers undergoing attacks every six months, companies must try and find ways to end dangerous employee behaviors, said the press release.
"The human factor is an evergreen problem in ICS security," said the press release. And human employees are actually a huge problem in all of cybersecurity, with most cyberattacks designed to take advantage of human errors rather than flaws in software. Whether it's clicking on malicious links or accepting fraudulent emails, nearly half (49%) of organizations in all sectors face critical security consequences due to employee errors, according to the release.
SEE: Web server configuration and management policy (Tech Pro Research)
In order for companies to mitigate human errors, they must educate employees on best practices in cyberdefense, said the release. Safety measures and procedures for ICS networks should be in place, but arming staff with the knowledge of how to protect themselves is just as valuable.
"Incidents caused by accidental actions of employees can lead to data leaks and the failure or complete shutdown of production processes. For enterprises, this could lead to huge financial and reputational losses," said Georgy Shebuldaev, Head of Kaspersky Industrial Cybersecurity Business Development, in the press release. "To stop this from happening, a combination of technical and administrative measures are required, which includes both the training of personnel and implementation of specialised cyberdefense systems for all levels of industrial infrastructure."
Human vulnerability isn't the only reason networks can't stay secure, understaffing and underinvestment by senior management are also critical issues, according to the report. Specifically in the manufacturing industry, the majority of organizations (61%) have trouble hiring security management with the proper skills. Additionally, 66% of manufacturing businesses don't have a dedicated budget for the security of critical infrastructure, which could leave systems vulnerable to attack.
The big takeaways for tech leaders:
- Nearly half (49%) of businesses face the threat of cyberattacks because of employee error. — Kaspersky Lab, 2018
- In order to protect against the human factor in security, organizations must educate employees on cybersecurity practices and give them the right tools to stay protected. — Kaspersky Lab, 2018
- Eight things you should know before launching a cybersecurity career (free PDF) (TechRepublic)
- Majority of enterprises admit they are vulnerable to insider threats (ZDNet)
- NIST Cybersecurity Framework: A cheat sheet for professionals (TechRepublic)
- Training? What training? Workers' lack of cybersecurity awareness is putting the business at risk (ZDNet)
- Human error led to 424% increase in misconfigured cloud servers, prompting hacks (TechRepublic)
Macy Bayern has nothing to disclose. She does not hold investments in the technology companies she covers.
Macy Bayern is an Associate Staff Writer for TechRepublic. A recent graduate from the University of Texas at Austin's Liberal Arts Honors Program, Macy covers tech news and trends.