Businesses face rising network security challenges in 2024
Kaspersky's latest IT Security Economics report highlights that 88% of businesses encountered adversaries attempting to infiltrate their networks over the past year. The report sheds light on the prevalence of network security incidents and provides insights into improving protection measures.
Across 2024, network security incidents dominated the corporate landscape with a large proportion of companies reporting attempts by adversaries to breach their network defenses. More than 60% of these businesses experienced incidents where malicious actors executed code within their networks or sought control of compromised systems.
Large enterprises, despite having extensive protection in place, recorded the highest rate of network security incidents. Small and medium-sized enterprises (SMEs) were not spared either, facing significant challenges with network security. A notable percentage of incidents in these organisations were linked to employee actions, both deliberate and inadvertent.
Network security threats exploit system vulnerabilities to infiltrate company networks and compromise sensitive data and applications. Cybercriminals identifying weak spots can gain unauthorized access to systems, deploying malware and other harmful software. Additionally, these vulnerabilities can serve as entry points for social engineering attacks, increasing risk to individuals within an organisation.
Increasing volumes of digital data contribute to a greater potential for cyber attacks. The evolving complexity of cyber threats poses ongoing challenges for businesses, with adversaries continuously developing new tactics to bypass traditional security measures. These threats range from phishing scams and ransomware attacks to Distributed Denial of Service (DDoS) attacks and Advanced Persistent Threats (APTs).
The report notes that remote work and Bring Your Own Device (BYOD) policies add further complexities to network security. The access of company data from diverse locations and devices heightens the risk of breaches. Insufficient security protocols and the lack of comprehensive employee training contribute to a vulnerable environment susceptible to cyber attacks.
Human error remains a significant contributor to security incidents, with 42% of companies reporting that employee actions, either conscious or unconscious, facilitated adversaries. This issue is particularly pronounced in SMEs, while being less frequent in larger organisations with more resources for security measures.
Employees' mistakes, often resulting from inadequate awareness or training, lead to cyber breaches and data leaks. Phishing attacks exploiting employees to click on malicious links or provide sensitive information are common. Moreover, insider threats, where employees unintentionally or deliberately disclose confidential data, pose significant risks.
The repercussions of employee negligence in cybersecurity are severe, including financial loss, reputational damage, and potential legal consequences. Small and medium businesses are particularly vulnerable due to limited resources for cybersecurity infrastructure and training, making them attractive targets for cybercriminals.
To mitigate risks, Kaspersky suggests companies raise employee awareness of cyber threats and invest in comprehensive training programmes. Regular security audits and monitoring can help identify and rectify vulnerabilities before cybercriminals exploit them.
Specialised cybersecurity solutions can offer real-time protection, threat visibility, and response capabilities suitable for organisations across various sectors. An integrated approach combining technological solutions and proactive employee education is crucial to protect company data and maintain reputational integrity in the digital age.