According to a recent report from Tessian, more and more firms are terminating employees over their cyber mistakes. However, this approach can hurt cybersecurity in the long run.
Transparency has become a critical factor in the success of cybersecurity, as organizations need to ensure a secure working environment moving forward. But increasingly sophisticated attacks have resulted in more and more employees falling victim to them. On top of that, with organizations firing employees over cyber mistakes, employees are not reporting incidents to IT. In fact, as per a 2022 study by Tessian titled “Psychology of Human Error report,” one in four employees (26%) lost their jobs in the last 12 months after making mistakes that compromised infrastructure security.
A few of the interesting key findings of the survey include:
- Around 40% of the employees sent an email to the wrong recipient. Almost 29% of the respondents stated that their business lost a client or customer due to this error.
- Nearly 36% of the survey respondents admitted that they made a mistake at work that compromised security, and fewer are reporting security incidents to IT.
- Around 29% of the employees stated their business lost a client or customer after they sent an email to the wrong person, up from 20% in 2020.
- More than 35% of the respondents had to report the accidental data breach to their customers, breaking the trust they had developed with them.
When asked the reasons behind these mistakes, 50% of the respondents stated that they had sent emails to the wrong recipients because they were under pressure to send the email quickly, up from 34% as reported by Tessian. Over 40% of the respondents cited distraction and fatigue as the primary reason for falling victim to phishing attacks. Compared with Tessian’s 2020 study, more employees attributed the cause of mistakes to fatigue and distraction in the past year.
As per Tessian’s report, while the number of employees who fell for phishing attacks only increased by one percent in the past year, they are more likely to fall victim to advanced phishing attacks than they were in 2020.
Over 52% of the employees stated they fell for phishing emails because the threat actor impersonated a senior executive at the firm. Employees are also susceptible to phishing attacks over SMS (smishing), with over a third of respondents falling for smishing requests in the last 12 months, compared to just 26% of those who fell for phishing scams over email.
The statistics highlight that the sophistication of cyber-attacks has made employees increasingly vulnerable to them. To prevent impact and lessen the probability of employees making a mistake, IT and security teams must get visibility into the human layer of an enterprise.
IT and security leaders should create an environment where employees can admit their mistakes without being constantly afraid of losing their jobs. Instead of forcing employees into compliance, organizations should take initiatives that strengthen trust with their employees. Cybersecurity leaders should foster a culture that improves security behaviors by providing people with the support they need to make informed, safer decisions at work.