Security professionals know users are among the greatest security risks to an enterprise. Human mistakes, negligence, or criminal intent among employees result in a high percentage of data breaches.
Twenty-six percent of these errors involve sending information to the wrong person, while 63% of total data breaches are caused by weak or stolen credentials, according to the 2016 Verizon Data Breach Investigation Report (DBIR). Also launched in 2016 was the Kaspersky Cybersecurity Index (KCI), a global study focusing on how users behave online.
7 Key Findings from the Kaspersky Cyber Security Index
The KCI revealed important insight for security professionals about how end users think about cybersecurity issues, both at home and in enterprise settings. Join us as we review seven key findings from this report.
Finding 1: Only One-Fifth of Consumers Feel They May Be Targeted
One of the most surprising pieces of data in the KCI states that just 21% of consumers believe they could be targeted by cybercriminals. An attitude of "it won't happen to me" could be a root cause for poor security behaviors among consumers.
The 2016 Norton Cybersecurity Insights Report found that digital proficiency isn't necessarily connected to secure behaviors. Forty-four percent of millennials have been a victim of online crime, and at the same time, they're more likely than members of other generations to share passwords (31%).
Security professionals are tasked with teaching their colleagues that they could be the target of theft. In workplace information security training, it's wise to provide knowledge on personal risks and best practices such as smarter password management and common security threats.
Finding 2: Most Are Still Using Public Wireless
71% of people are using public Wi-Fi hotspots at coffee shops, airports, and other public locations, per the KCI. Even more concerning was the finding that 15% use hotspots to shop, bank, or make payments online.
Public Wi-Fi risks, per the North Carolina Department of Justice (DOJ), include:
- "Evil Twin Networks": When cybercriminals create a wireless network that appears legitimate with the intention of eavesdropping, credentials theft, and other malicious activity.
- Sniffing: The theft and decryption of sensitive information using widely-available technology.
IT pros should continue to educate their users on the risks of public Wi-Fi hotspots and teach their colleagues common-sense practices such as disabling automatic connection when in public. While "free" is appealing, the risks of credential or credit card theft are rarely worth it.
To protect your company's data when employees are working off-site, especially if your company has a Bring Your Own Device (BYOD) policy, use a VPN and app segregation to protect sensitive data from risks, even if you assume your employees won't try to do work over public Wi-Fi. For employees who travel frequently, issuing a portable wireless hotspot can also lend protection.
Finding 3: Personal Malware is Rampant
42% of consumers have encountered malware, the KCI found. An additional 22% have experienced a malware-infected device. Other consumer research by Kaspersky Labs shows low awareness rates of security threats, with 43% of consumers admitting they have no idea what ransomware is or what kind of data they could lose through a ransomware attack.
If your employees work on personally-owned devices, malware awareness and threats are a glaring business risk. While VPNs and segregation can protect your business data from exposure, they're not always enough security. Education and the use of real-time file integrity monitoring tools on workstations empower security teams to reverse malware threats if (and when) they occur.
Finding 4: Consumers Are Skeptical About Security Products
23% of consumers believe security solutions are "just a gimmick," according to the KCI. Widespread skepticism about security products and low adoption rates mean that your employees probably aren't applying updates on a regular basis, either.
While security teams typically set rules and manage updates in a corporate setting, educating your users on important security activities at home can be important. While opting for two-factor authentication isn't always the easiest method, providing education on the security advantage could help your employees' adoption rates rise.
Finding 5: Personal Password Management is Abysmal
The KCI found 51% of consumers use insecure methods to remember passwords. While for many consumers this could mean recycling passwords and insufficiently strong passphrases, for others it could mean even worse tactics such as:
- Storing passwords in the browser.
- Using shared passwords with friends, roommates, and spouses.
- Sending passwords via email or text.
While you have the means to control poor credentials management in the workplace through policy-based administration and identity management tools, poor personal habits have the potential to impact your workplace security.
Between shadow IT and team culture, IT pros could have unknown risks. Perhaps your accounting team manager allows their staff to store passwords on a sticky note in their desk drawer or maybe several HR employees are sharing just one sign-on for a work app. These problems can best be addressed with a culture that supports and rewards reporting negative security behaviors. Implementing secure, easy-to-use password management technology can also encourage your employees to adopt similar tech at home.
Finding 6: Internet of Things (IoT) is a Struggle
At home, your employees may be more connected than ever. Smart televisions, connected thermostats, and voice-controlled personal assistant technology are more affordable than ever. However, the KCI found that a little more than half of consumers use a security solution on every connected device they own.
McAfee reports that 47% of consumers don't know if they are taking the "proper steps" to secure their connected devices at setup. Providing information to your employees on how to protect their increasingly connected homes, such as strong Wi-Fi security and password best practices, could increase adoption of secure IoT.
Finding 7: Consumers Have Some Awareness
Despite the fact that many consumers don't believe they will be targeted, the KCI reported that 70% are aware and concerned about online hacking. Forty-four percent say the data stored on their devices is so sensitive that they wouldn’t want anyone else to see it.
This finding isn't entirely negative. It indicates that your employees understand the gravity of security risks, even if they don't believe their personal data is valuable enough to be targeted. The solution is probably to make security personal. With education on personal risks, you may be able to convince your staff to behave more securely at home and at work.
Putting the KCI's Key Findings to Work
The increasing popularity of bring-your-own-device (BYOD) programs and cloud technology has led to blurring between workplace and personal tech. Bad security behaviors put your people, their data, and your customers' data at risk.
For IT security professionals, education is crucial. By teaching your employees about risks and best practices, you can highlight the impact of their digital behavior at work, at home, and in public.
As you work towards behavioral and cultural change, technical safeguards can also help you protect your data from theft. CimTrak enables total network oversight, including on workstations. By operating as a system account at the endpoint level, CimTrak is the only file integrity monitoring solution to allow security administrators to reverse negative changes in real-time.
February 23, 2017