Throughout 2024, the most common type of security incident faced by companies was related to network protection according to the latest Kaspersky IT Security Economics report. 81% of businesses in Egypt encountered adversaries attempting to infiltrate their network, while 41% of companies reported incidents where bad actors executed malicious code within their network or attempted to communicate with compromised systems and take control.

Large enterprises experienced the highest rate of network security incidents despite having the most comprehensive protection measures in place. Small and medium-sized companies also faced challenges with network security, with a significant percentage of incidents attributed to the deliberate or inadvertent actions of their own employees.

Network security threats are still the most concerning for businesses

Network security threats aim to exploit system vulnerabilities by penetrating company networks and inflicting damage to sensitive data, applications and workloads. When a cybercriminal detects a weak spot in the system, they use it to gain unauthorized access and install malware, spyware, or other harmful software. These weak spots are also a gateway for social engineering attacks, where individuals become an easier target.

As more and more data is created, stored, and transmitted electronically, the risk of cyber attacks that could compromise sensitive information also increases. One of the key factors contributing to the ongoing prevalence of network security issues is the growing complexity of cyber threats. Cybercriminals are constantly developing new tactics and techniques to bypass traditional security measures, making it challenging for businesses to stay ahead of the curve. From phishing scams and ransomware attacks to DDoS attacks and APTs, there are numerous ways in which cyber criminals can exploit vulnerabilities in a company’s network.

Furthermore, the rise of remote work and BYOD (bring your own device) policies has created additional challenges for network security. With employees accessing company data from various locations and devices, the potential for security breaches is heightened. This, combined with the lack of proper security protocols and employee training, creates a vulnerable environment for cyber attacks to occur.

Human factor is another big headache

Human error is another key factor contributing to security incidents. 35% of companies in Egypt reported incidents where their own employees consciously or unconsciously helped adversaries by their action or inaction, with the majority of these occurrences in medium and small businesses, large organizations faced this problem much less often.

Mistakes or negligence by employees, whether due to a lack of security awareness or insufficient training, are leading causes of cyber breaches and data leaks in organizations. Phishing attacks, where employees unwittingly click on malicious links or provide sensitive information to scammers, are a common threat. Insider threats, where employees intentionally or unintentionally leak confidential data, can also pose a significant risk to a company’s security. The consequences of employee negligence in cyber security can be severe as data breaches often result in financial loss, damage to a company’s reputation, and legal repercussions. In extreme cases, companies may face fines and legal action for failing to adequately protect sensitive information.

SMBs are often more vulnerable to data breaches caused by their own employees than large corporations which have more resources to invest in robust cyber security measures and employee training. Small and medium-sized companies may lack the necessary infrastructure and awareness to adequately protect their sensitive information, making them an easy target for cyber criminals looking to exploit weak links in the security chain.

Recommendations for better protection

To mitigate the risk of cyber attacks caused by human error, companies must take steps to raise awareness among employees about cyber threats and invest in comprehensive cyber security training programs.

Regular security audits and monitoring can help identify vulnerabilities and address them before they are exploited by cyber criminals. While specialized solutions such as those provided as part of the Kaspersky Next product line can protect a company’s assets with real-time protection, threat visibility, investigation and response capabilities of EDR and XDR for organizations of any size and industry.

Ultimately, a combination of technological solutions and proactive employee education is essential in safeguarding a company’s data and reputation in the digital landscape.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Follow us on: