Cybersecurity: negligence vs cyber attacks, who causes more damage?
When you think of a cyber attack, you imagine a large company or even a government entity as the target, which is why small businesses often believe they don’t need to protect themselves.
However, an Italy-wide study covering 2022 reported that around 46%, practically half, of cyber attacks are aimed at small and medium-sized businesses, which often find themselves unprepared to respond to such attacks or simply to prevent them.
SMEs have become an interesting target for cybercriminals because of the bad habits of many employees, especially negligence in prevention activities. In interviews conducted with 3,000 managers, that is, senior figures who hold managerial and organizational roles, around 22% of them proved to be unprepared on the subject of cybersecurity.
Out of 100 successful cyberattacks, 95 are attributable to human error. That is a considerable percentage, considering that it is the companies that pay the price and that this damage could easily have been avoided.
So which bad practices can be attributed to negligent employees?
The first two are well-known behaviours that we have already told you about, while the third is a new one that derives from the pandemic period and the change in working paradigms.
We use so many passwords in our daily lives that we forget how important they really are. This attitude leads many people to pay little attention to their passwords, choosing ones that are very similar to each other or too simple. In the professional field, this seriously threatens the employee’s IT security which, once violated, can give access to important data of the entire company.
For many it may seem paradoxical to click a link in an email from a suspicious sender, but the phishing success rate is still significant. It should also be added that while certain communications are clearly fraudulent, attackers are becoming remarkably good at creating layouts practically identical to those of extremely common sites, such as Netflix, Amazon or our bank.
BYOD: bring your own device
The change in working paradigms following the pandemic emergency has allowed many employees to work from home, which has led to less use of, and investment in, company devices in favor of personal devices. This practice carries risks: while company computers are controlled upstream, with all the preventive measures necessary to protect the company’s security, this is not the case for many personal computers. Users feel less threatened on them, yet they can become an important means for a cybercriminal who wants to hit a company through an employee’s PC.