Careless employees pose greatest cyber risk, EY says

Nearly 80% of firms in Hungary were affected by some kind of cybersecurity incident in recent months, with successful attacks usually targeted at employees of companies, according to a survey of 50 company and IT heads by professional services firm EY.

According to EY Cybersecurity branch head Mihály Zala, the security of an organization relies on three components: the employees, the processes, and the technological background.

"The most critical element is the human one," says Zala. "Therefore the most important step is the proper and continuous education of employees, which may increase a companyʼs security level by as much as 80%."

Some 78% of Hungarian companies were affected by a cybersecurity incident in the past 12 months, with attacks mostly directed at data related to users and clients (75%). The second most common target was financial information and strategic plans, according to the experts surveyed by EY.

About 28% of respondents said their firm has obsolete security protocols, while approximately 38% said their employees are unaware of methods to prevent leaking crucial information. The greatest obstacles to improving the situation were cited as a lack of commitment from leaders (40%), lack of technological knowledge (35%), and lack of experts (22%).

EY notes that employees are especially prone to leaking sensitive information, as clicking on a phishing e-mail, or even letting a stranger into the companyʼs building, may cause serious damage.

Sometimes, having an IT security strategy for all employees is not enough, argues EY. In many cases, cybercriminals get into a companyʼs system via subcontractors with weaker security systems. EY suggests involving external experts in order to check whether such contractors are maintaining a high enough standard of security.