Most Cyber Attacks Now Target Employee Negligence

Most Cyber Attacks Now Target Employee Negligence

The general opinion is that you need complex technologies and data security systems to prevent most cybersecurity threats like malware and supply chain attacks. While we may not entirely disagree, any data protection technology is only as effective as your staff can understand and use it. Your employees are your most crucial defense line in the war against cyber-crime, and ironically, the weakest link. Even with the best threat detection and anti-malware systems in place, your networks are only as safe as your staff is cyber-informed.

Employee Cyber Training Reduces Your Risk by Over 70%

As almost every organization is spending thousands of dollars on the most sophisticated data protection software and technologies, cyber actors are gradually redefining the nature of their attacks. Instead of directly targeting vulnerabilities in gateways and other security systems, they are now increasingly going after staff negligence. According to the 2021 IBM Cyber Security Intelligence Index Report, staff error plays a significant role in 95% of successful data breaches. In short, if you can eliminate human error, you can prevent over 90% of cyber incidents.

Types and Examples of Common Human Error

While cyber-attackers target thousands of human errors, we can categorize them into two types:

Skill-Based Error

These are lapses and slips that occur when employees are performing familiar activities. Typically, users know what to do but don’t do so because of distractions, ignorance, memory lapse, not paying attention, or being overwhelmed. For instance, a recent study by FAU shows that an alarming 78% of Americans open suspicious links despite knowing the cyber risks that come with them.

Decision-Based Error

Here, the employee makes wrong decisions because of a lack of knowledge or misinformation on how to handle the circumstance. Sometimes, failure to take action also counts as a decision-based error. For instance, a user may fail to inform the IT support team of abnormal activity in their PCs and, because of their inaction, unknowingly buy more time for cyber actors to launch onslaughts on the entire network.

Top 3 Cybersecurity Mistakes Employees Are Most Likely to Make

Common employee negligence's to look out for include:

1. Misdelivery

The 2018 Verizon's Breach Report ranks misdelivery as the fifth most common root of all corporate breaches. Misdelivery, as the name implies, is sending something to the wrong address or recipient. Cyber actors often use this tactic to trick users into sending them confidential data, like logins and other critical credentials. They can also use misdelivery for direct financial gain.

Let's take the recent Barbara Corcoran, for instance. The unsuspecting bookkeeper who sorted the fake invoice and sent over $400,000 to a foreign account knew what to do. However, they weren't cautious enough to verify what they were doing, resulting in a misdelivery. This incident is a perfect example of an employee skill-based error.

With proper training, your staff can identify such scams and thwart them at the initial stages. Fortunately for Barbara, she recovered all the misdelivered money. However, that's not always the case. And for a small and medium-sized business like yours, losing $400,000, as in Barbara's case, may mean the end of the road.

2. Password-Related Negligence

Passwords are the most basic and arguably most essential security feature in any organization. Unfortunately, we rarely give them as much attention as they deserve. Several people still use simple passwords and barely take complexity and expiration protocols seriously. For instance, the 2019 National Center for Cyber Security report reveals that "123456" remains the most famous password globally. Worse still, it shows that most people use their primary email account passcodes for other services.

Do not assume that your staff understands the vitality of password complexity and expiration. Regular cyber-awareness training will help them create strong and unique passcodes, and why it's crucial.

3. Patching Mistakes

Bad cyber actors are continually looking for vulnerabilities in software. When software developers discover new exploits, they fix and send them out to end-users as patches or security updates. Downloading and installing patches, therefore, means that you have the latest security feature. Unfortunately, several employees lag in the installation of patches. The infamous 2017 WannaCry supply chain attack is a classic case that exploited a software vulnerability to breach thousands of devices globally. The attackers used an exploit dubbed "EternalBlue" which Microsoft had patched a few months before.

While patching is traditionally a role of IT support teams, there's an increasing need to ensure that your staff can handle patches, especially with the new work-from-home norm. Training encompasses evaluating updates for threats and installing them.

How Employee Training Reduces Cyber Risks

Comprehensive cyber-awareness training involves coaching your staff on threat detection and prevention. Educate your employees on the common cyber-attack vectors, tricks to look out for, and how to prevent them. We also recommend occasional simulated attacks to gauge your staff's readiness and cyber-awareness levels. Research shows that a well-planned and properly executed employee cyber-awareness training program can reduce your cyber risk by over 70%. In short, having a cyber-conscious workforce can eliminate 7 out of 10 potential cyber threats.


LeadingIT offers 24/7, all-inclusive, fast, and friendly technology and cybersecurity support for nonprofits, manufacturers, schools, accounting firms, religious organizations, government, and law offices with 10-200 employees across the Chicagoland area.