88 percent of companies faced malicious actors attempting to infiltrate their networks, while more than 60% of companies reported incidents where criminals executed malicious code within their networks or attempted to communicate with compromised systems and take control.
Large enterprises experienced the highest number of network security incidents, despite having the most comprehensive security measures in place. Small and medium-sized businesses also faced challenges in network security, with a significant portion of incidents attributed to the deliberate or inadvertent actions of their own employees.
Network security threats remain the most concerning for companies
Network security threats target the exploitation of system vulnerabilities by infiltrating corporate networks and causing damage to sensitive data, applications, and workloads. When a cybercriminal discovers a weakness in the system, they exploit it to gain unauthorized access and install malware, spyware, or other harmful software. These vulnerabilities also serve as gateways for social engineering attacks, making individuals easier targets.
With the increase in electronically created, stored, and transmitted data, the risk of cyberattacks that jeopardize sensitive information also grows. A significant factor contributing to ongoing network security issues is the increasing complexity of cyber threats. Cybercriminals are continuously developing new tactics and techniques to bypass traditional security measures, making it challenging for companies to stay ahead. From phishing scams and ransomware attacks to DDoS attacks and APTs, there are countless ways cybercriminals can exploit vulnerabilities in corporate networks.
Moreover, the rise of remote work and BYOD (bring your own device) policies has created additional challenges for network security. With employees accessing corporate data from various locations and devices, the likelihood of security breaches increases. This, combined with the lack of proper security protocols and employee training, creates a vulnerable environment for cyberattacks.
The human factor is another major headache
Human errors are another significant factor contributing to security incidents. Forty-two percent of companies reported incidents where their own employees knowingly or unknowingly assisted hackers through their actions or inactions. The majority of incidents occurred in SMEs; large organizations experienced this much less frequently.
Errors or negligence by employees, whether due to a lack of security awareness or insufficient training, are the primary causes of cyber breaches and data leaks in organizations. Phishing attacks, where employees unknowingly click on malicious links or provide sensitive information to scammers, pose a common threat.
Insider threats, where employees intentionally or unintentionally leak confidential data, can also pose a significant risk to a company's security. The consequences of employee negligence in cybersecurity can be severe. Data breaches often lead to financial loss, reputational damage to a company, and legal consequences. In extreme cases, companies may face fines and legal actions if they fail to adequately protect sensitive information.
SMEs are often more vulnerable to data leaks caused by their own employees than large companies, which have more resources to invest in robust cybersecurity measures and employee training. Small and medium-sized businesses may lack the necessary infrastructure and awareness to adequately protect their sensitive information, making them easy targets for cybercriminals looking to exploit weak links in the security chain.
Recommendations for better protection
To reduce the risk of cyberattacks due to human errors, companies should raise employee awareness of cyber threats and invest in comprehensive cybersecurity training programs.
Regular security audits and monitoring help identify and address vulnerabilities before cybercriminals can exploit them. Specialized solutions, such as those in the Kaspersky Next product line, provide real-time protection, threat visibility, EDR and XDR investigation and response capabilities for organizations of all sizes and sectors.
Ultimately, a combination of technological solutions and proactive employee training is essential to protect a company's data and reputation in the digital landscape.
