Employee error the biggest cause of cyber-security issues in Asia-Pacific
- Champa Ha
One of the biggest causes of cyber-issues experienced in the Asia-Pacific region is due to deliberate security protocol breaches by employees, with around a third of business cyber-issues caused by human error.
This was one of the findings found by Kaspersky, a Russian multinational cybersecurity and anti-virus provider, which surveyed 234 respondents from the Asia-Pacific region, comprising of IT security professionals from small and medium enterprises (SMEs) and larger organisations worldwide. The survey found that policy breaches by regional employees were one of the biggest issues faced by IT security, along with genuine mistakes.
With 33% of business cyber-issues due to deliberate security protocol breaches by employees, and 40% of breaches caused by hacking, the figures slightly exceed the global averages of 26% for employee violations and 30% for hacking incidents.
The study found that intentional cybersecurity rule breaches occurred among IT and non-IT staff, with senior IT security officers responsible for 16% of cyber incidents, surpassing the global average. Breaches by other IT and non-IT staff resulted in 15% and 12% of incidents, respectively. The reasons for the breaches were attributed to common problematic employee behaviours, such as using weak passwords or failing to update them, employees visiting insecure websites, delayed software or application updates, and unapproved data-sharing methods.
READ MORE: The biggest risk to cybersecurity? Employee burnout
According to Adrian Hia, Managing Director for Asia Pacific at Kaspersky, the continual breaches of basic security policies by employees, despite high-profile cyberattacks, were concerning. “A multi-departmental approach to building a strong enterprise cybersecurity culture is urgently needed to address this human factor gap that is being exploited by cybercriminals,” Hia added.
Alexey Vovk, Kaspersky’s Head of Information Security, agreed, advocating the establishment of a strong cybersecurity culture within organisations from the outset, such as formulating and enforcing stringent security policies and enhancing employee awareness about cybersecurity, reported TechWireAsia.