A new study looked at why people make cybersecurity mistakes that can easily lead to breaches and other major events. It turns out that it's not a question of “if” but of “when,” as most people make mistakes during their tenure in any company.
The bigger the company, the greater the chance that someone will eventually make a mistake. Even if employees are the most crucial asset for an organization, they are also the weakest cybersecurity link. It's much easier for bad actors to trick people into giving them access to the network than actually breaching security the hard way.
Some mistakes made by employees can devolve into more serious situations, where hackers use the information they got to breach the security of a company and either steal data or compromise the infrastructure. In many cases, mistakes stem from a lack of training that leaves companies and employees exposed.
But it's not enough to enumerate how many breaches happened because of mistakes, even though it's a relevant number. Understanding why that happens is just as essential, especially if the goal is to create a more secure environment.
"Our research reveals how distraction, stress and fatigue influence people's ability to consistently make good cybersecurity decisions, and how the events of 2020 have highlighted why now - more than ever - businesses need to protect their employees," reads the study.
The researchers looked at some cybersecurity issues, including clicking on a phishing email at work or sending an email to the wrong person. It turns out that 1 in 4 workers clicked on phishing links, and 58% of employees have sent an email to the wrong person at work.
These mistakes don't happen in a void. They are shaped by a variety of factors that must be taken into consideration. One reason could be that 57% of employees are more distracted when working from home, and that seems logical. But younger workers are 5x more likely to make mistakes with security consequences, which also means that it's a matter of experience.
Also, more than 50% of employees will make mistakes when stressed and 43% will make the same mistake when tired. Compounding the problem is the fact that 93% of staff are either stressed or tired at work and a third of all employees rarely or never think of cybersecurity.