Uninformed and careless employees are hiding security incidents from their company, but security policies that are not punitive and don’t foster fear can help.
Workers are hiding cyber-security incidents from their employers, according to a new study, thereby increasing overall damage. The consequences can be dire. Just one unreported incident may indicate a much larger breach, and security teams must be able to quickly identify threats in order to choose the right mitigation tactics. The report, “The Human Factor In IT Security: How Employees Are Making Businesses Vulnerable From Within, ” was conducted by Kaspersky Lab and B2B International. “If employees are hiding incidents, there must be a reason why, ” said Slava Borilin, security education program manager at Kaspersky Lab. “In some cases, companies introduce strict but unclear policies and put too much pressure on staff, warning them not to do this or that, or they will be held responsible if something goes wrong. Such policies foster fears and leave employees with only one option—to avoid punishment, whatever it takes.” He recommends a positive cyber-security culture based on an educational rather than a restrictive approach from the top down. 5,000 businesses worldwide participated in the study.
