
4/27/2020
05:00 PM
Dark Reading

Kaspersky Finds 30% of IT Security Managers Missed Important Personal Events Due to Data Breaches

Woburn, MA – April 22, 2020 – The latest Kaspersky report, “Taking care of corporate security and employee privacy: why cyber-protection is vital for both businesses and their staff,” highlights the ‘human side’ of cybersecurity incidents by examining the discomfort and losses employees face following corporate breaches. According to the report, 30% of employees who are involved in the aftermath of an incident missed an important personal event, had to work overnight (32%) or suffered additional stressors (33%). A quarter of respondents even had to cancel vacations (27%).

Work-related stress encroaches on personnel work-life balance, efficiency and motivation, with 76% of employees feeling it impacts personal relationships, and 16% reporting they even quit their current job because of it. Stress levels must be considered, especially now when so many employees are working from home and struggling to maintain a productive working routine. For businesses, stress can create an overall decrease in employee efficiency, affecting business performance and ultimately leading to direct financial losses.

As Kaspersky’s report has revealed, cybersecurity incidents may contribute to a negative work experience. In fact, this has already happened in around half of SMBs (48%) and enterprises (53%) that experienced at least one data breach last year. The chart below reveals the personal consequences that IT and IT security managers face following a data breach. Stress is again the most likely ramification: a third (33%) of administrators experienced much more stress than they usually would, regardless of the size and IT maturity of the company.

If a data breach occurs, IT and IT security teams have to investigate the incident, make the necessary updates, fix the system and take measures to prevent an attack being repeated. As a result, a third of managers worked overnight or had to incur overtime at work (33% for SMBs and 32% for enterprises). This can also result in other tasks and deadlines being pushed back in more than a quarter of both SMBs (27%) and enterprises (26%).

“When talking about corporate cybersecurity incidents, we often focus on the effect it has on business like financial loss, customer trust and other corporate consequences, but there is another aspect to consider such as how employees deal with such cases,” comments Alena Reva, vice president of human resources Americas at Kaspersky. “It’s needless to say that additional stress at work or a disrupted work-life balance affects employees’ productivity and, even more critically, their mental and physical health. This shouldn’t be underestimated as these factors can affect business if staff members share their negative feelings outside the organization, impairing its reputation and brand as an employer. This can be especially critical for businesses that recently experienced a data breach as its wider reputation is already under attack.”

The following steps can help organizations keep the impact of a breach on staff to a minimum:

· In a time of crisis, be transparent with your people. Keep employees informed on what’s going on, what it means to the business and to them, and make sure they know who to contact about any issues. This is especially important when employees are working remotely for a sustained period and staff are often isolated from each other. If a data breach affected employees’ personal data, make sure they learn about it from you and not from the media or newspapers.

· In ‘peace time,’ it is best to prepare a list of steps for an IT department in case of an incident: who to inform first, who is responsible for what and what steps should be taken. This helps employees feel prepared and can relieve potential panic and stress.

· If a breach occurs, focus on properly investigating the causes and consequences instead of just searching for any guilty staff.

· Any crisis can be seen as a time of opportunity. Explain to employees that their help in this situation is crucial and they can prove themselves and their actions will be positively noted.

· Create a corporate culture where all employees understand the importance of cybersecurity. Teach them how cybersecurity incidents can occur and what the consequences are. Explain to employees how following simple rules can help a company avoid cybersecurity incidents via training courses, such as the ones provided in the Kaspersky Automated Security Awareness Platform.

· Breaches can draw media attention, which results in unwanted public exposure. Kaspersky Incident Communications training helps to upskill corporate communications teams to operate optimally during a cyberattack.

For more information, please visit the official Kaspersky report.

To learn more about how Kaspersky products can minimize the risk of a data breach, visit the Kaspersky Endpoint Security Cloud product page.
