A recent 2020 report we just discovered confirms what we have been saying for many years now. About 9 out 10 data breaches are caused by your users. We are pleased that the somewhat older data from Trend Micro we were referencing was proven still valid.
Researchers from Stanford University and a top cybersecurity organization found that approximately 88 percent of all data breaches are caused by an employee mistake. Human error is still very much the driving force behind an overwhelming majority of cybersecurity problems.
The study was done by Stanford University Professor Jeff Hancock and security firm Tessian. The study “Psychology of Human Error” highlighted that employees are unwilling to admit to their mistakes if organizations judge them severely.
Understanding the psychology behind human errors helps organizations to know how to prevent mistakes before they turn into data leaks. According to the study, nearly 50% of the employees stated that they are “very” or “pretty” certain they have made an error at work that could have led to security issues to their company. The study goes into detail about the differences between young and older employees, where younger users will more easily admit to mistakes and are also easier to phish.
Other Findings include:
- Nearly 45% of respondents cited distraction as the top reason for falling for a phishing scam.
- 57% of remote workers admit they are more distracted when working from home.
- The top reasons for clicking on phishing emails are the perceived legitimacy of the email (43%) and the fact that it appeared to have come from either a senior executive (41%) or a well-known brand (40%).
“Your employees are focused on the job you hired them to do and when faced with to-do lists, distractions, and pressure to get things done quickly, cognitive loads become overwhelming and mistakes can happen,” the study report concluded. Stepping users through new-school security awareness training is a must that you simply cannot afford not to do.
Full article at CISO MAG.