Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //


09:35 AM
Larry Loeb
Larry Loeb
Larry Loeb

Employees Remain the Weak Link in Your Company's Cybersecurity Plans

Another report, this time from Finn Partners Research, shows that employees remain the weakest link in the cybersecurity chain.

Who's the biggest threat to your enterprise's security? It might be the guy or gal sitting right next to you.

Your fellow employees are, unsurprisingly, the deadliest cybersecurity risk that organizations face today. That's the finding of a new study released by Finn Partners Research, "Cybersecurity at Work." The report is based on questions sent to 500 full-time office employees across the US.

The survey was completed in June, and the respondents held full-time positions in an office environment that had more than 100 employees.

For example, the study found that nearly two in five workers admitted to clicking on a link or opening an attachment from a sender they did not recognize. (See Email-Based Attacks Still Wreaking Havoc on Enterprises, Study Finds.)

Additionally, more than half of employees -- 55% -- are using their personal devices for work, thanks to the BYOD effect. This means an increased vulnerability to hackers, malware and data breaches because of the unsupervised environment of the devices. (See ISF: Balance Is Key to Mobile Security.)

(Source: iStock)\r\n
(Source: iStock)\r\n

Further illustrating poor practices, only 26% of the surveyed employees changed their login credentials and passwords for personal and work applications at least once a month.

Jeff Seedman, a senior partner at Finn Partners, noted in a statement:

The fastest and easiest way for bad actors to gain access to sensitive organizational data is for employees to click on nefarious links -- we know that around 40 percent of our workforce is engaging in such behavior. While 31 percent of respondents have already been a victim of a breach or attack, the behavior patterns to elicit security breaches remain.

However, training by the IT and security departments to counter these behaviors is limited.

In the survey, about 25% of respondents reported that they receive "cyber hygiene" training on a monthly basis from their IT team. This includes the updating of operating systems on devices, checking for security patches, as well as changing passwords.

Another 29% report that they had quarterly training in this area, while 19% receive bi-annual training and 23% receive annual training.

Still, 93% of the respondents believe that their company takes adequate cybersecurity measures to protect their personal and corporate data. Amazingly, 94% of those surveyed believe they are doing their part in helping to keep their company's data secure.

Zero in on the most attractive 5G NR deployment strategies, and take a look ahead to later technology developments and service innovations. Join us for the Deployment Strategies for 5G NR breakfast workshop in LA at MWCA on September 12. Register now to learn from and network with industry experts – communications service providers get in free!

Of course, what specifics "their part" is up to the interpretation of who is evaluating it.

The report also asked respondents if they were dissatisfied with their jobs, would they take the company's corporate security less seriously. Of those surveyed, 79% said no, 16% said yes, and 4% said they didn't know.

Employees also considered themselves at risk from a corporate cybersecurity standpoint. Specially, 37% expressed that their biggest worry from a breach would be that their device would get a virus, as opposed to only 19% who worried most about leaking corporate data or the 19% that thought such a breach would cost the company a lot of money.

This report shows that employees need to be aggressively counseled about cybersecurity. Left to their own impulses they can indulge in unsafe behaviors, perhaps abetted by the BYOD phenomenon.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-10-15
Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
PUBLISHED: 2021-10-15
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
PUBLISHED: 2021-10-15
Yealink Device Management (DM) allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
PUBLISHED: 2021-10-15
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
PUBLISHED: 2021-10-15
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.