Most British Breaches Traced to Human Error

90% of data breaches in the UK during 2019 were caused by human mistakes, Infosecurity Magazine reports. CybSafe analyzed all the data breach reports received by the UK Information Commissioner’s Office (ICO) last year and found that human error was responsible for nine out of ten of these incidents.

45% of the 2376 breaches involved users falling for phishing attacks, while unauthorized access made up 33% of the incidents. 10% of the attacks involved the use of ransomware or some other type of malware, and just 2.7% were traced to hardware or software misconfigurations.

In addition, CybSafe found that the share of breaches caused by human error has been increasing, rising from 87% in 2018.

Oz Alashe, CEO of CybSafe, stated that the human element is one of the most important security issues to address, since social engineering is much easier, cheaper, and more effective than purely technical hacking.

“As this analysis shows, it’s almost always human error that enables attackers to access encrypted channels and sensitive information,” Alashe said. “Staff can make a variety of mistakes that put their company’s data or systems at risk, often because they lack the knowledge or motivation to act securely, or simply because they accidentally slip up.”

Alashe emphasized, however, that while employees are the source of this problem, they’re also the solution.

“Employees of course pose a certain level of cyber-risk to their employers, as seen in our findings thus far,” Alashe said. “Nevertheless, people also have an important role to play in helping to protect the companies they work for, and human cyber-risk can almost always be significantly reduced by encouraging changes in staff cyber-awareness, behavior and culture.”

New-school security awareness training can create a culture of security within your organization by teaching your employees how to follow security best practices and thwart social engineering attacks. It can help turn a risky insider into a security-aware employee who makes an organization more resilient.

Infosecurity Magazine has the story:
