Corporate security: the human factor is the weak link in the chain

According to a Kaspersky Lab study, 46% of IT attacks are caused by employees who are not prepared to face a hacker attack

One of the main causes of the breaches suffered by companies is the employee who is not sufficiently prepared to face a hacker attack and often becomes the hackers' unwitting accomplice. The latest survey conducted by Kaspersky Lab confirms this.

The study, entitled "Human Factor in IT Security", focuses on employees, the easy targets that cyber criminals choose in order to hit a company and spread a threat. As other research also suggests, the human factor is often a danger to a company's cybersecurity. A malicious file attached to an email and opened carelessly can spread the infection throughout the company's systems. According to Kaspersky Lab's survey, about 28 percent of targeted attacks on businesses occur through phishing or social engineering, techniques that require the unintentional cooperation of employees.

Employees and cybersecurity

In the case of phishing, opening a malicious attachment or clicking a malicious link is enough to compromise the corporate network. The problem is that only a fraction of employees are able to recognize an attempted attack. Sometimes, and this is where social engineering comes in, hackers use simple tactics to obtain confidential information, which they then use to plan their attacks.

Some breaches are kept hidden

One of the most serious findings of the Kaspersky Lab survey is that 40% of workers do not report breaches to the company, for a variety of reasons ranging from fear of retaliation to shame at having fallen into the hackers' trap. This is worrying, considering that 46% of attacks are caused by employees.

A cybersecurity culture is needed

A large share of employees, moreover, have no hesitation in using personal devices at work, such as USB sticks and other external devices, which can contain malware and infect computers. Companies should therefore consider training their employees, as many experts have been saying for years. Unfortunately, especially in Italy, a real culture of cybersecurity is lacking. As we have seen, this gap can cost companies very dearly, especially considering the transition to Industry 4.0, a production model based on automation and connected machines.