
[IKTinfo] It is essential to create a culture of cybersecurity from the start

Date of publication: 5.12.2023

A recent study by Kaspersky Lab, a multinational cybersecurity company, warns that a significant proportion of incidents are caused by employees who do not follow the prescribed security protocols. For example, in the last two years, 26% of cyber incidents occurred after employees, both ICT and non-ICT, violated procedures. The survey estimates that the level of data disclosure due to breaches has become almost as dangerous for companies as external threats such as intrusions.

Around 13% of cyber incidents since 2021 were the result of deliberate information security breaches by ICT security officers. The study found that employees in 12% of the organisations surveyed had deliberately used unauthorised devices to access sensitive data. Other companies reported that 12% of their staff had sent sensitive data to their personal email address. Potentially the most worrying finding is that 20% of malicious actions were carried out by staff for personal gain, which includes circumventing tedious security procedures.

Despite the worrying findings on deliberate breaches of rules, the report highlights that the majority of cyber incidents, 38%, are still the result of accidental human error. Malware downloads are the main cause of incidents by non-ICT staff, accounting for 28% of accidental breaches. In a quarter of cases, weak passwords or irregular password updates are to blame for the incident, and in a further 24%, a visit to an unsecured website. Unintentional breaches are not caused only by non-ICT staff: 14% of cyber incidents were attributed to unintentional human error by senior ICT professionals.

Kaspersky stresses the need to create a culture of cyber security in the organisation from the outset, by developing and enforcing security policies and raising awareness among employees. "This will help staff to take a more responsible approach to the rules and clearly understand the potential consequences of their breaches."

More information

The economy, manufacturing, education and other sectors have been subject to increased pressures and changes in recent years as a result of the pandemic and the measures taken to contain it, as well as the Russia-Ukraine war, as confirmed by various surveys and analyses. The Information and Communication Technologies (ICT) sector is also exposed to similar changes, but at the same time it is able to monitor, assess and control changes not only in its own sector but also in all other sectors, which has been a valuable help to all of them in recent years.

ICT helps businesses and institutions in all industries to organise work, adapt and streamline operations, process data, evaluate results, predict trends and discover new opportunities. It also enables schools and universities to implement hybrid forms of teaching and meaningful digitisation of learning processes.

This is why we have decided to publish regular summaries of information, assessments, analyses and studies by research and analyst companies that can help everyone to better monitor, learn about and understand changes and trends and to adapt more successfully to the new ICT era.

Prepared by the Department of Information and Communication Technologies in collaboration with Esad Jakupović


University of Ljubljana, Faculty of Electrical Engineering, Tržaška cesta 25, 1000 Ljubljana

E: dekanat@fe.uni-lj.si T: 01 4768 411