

Employees: The Culprits of Security Breaches?


A senior sales executive in a medium-sized company is having a business meeting with a third party at a café bar – a potential client whom the executive has never met before. All the executive knows about this person is a name, the organisation, the reason for meeting and a few contact details. The executive is armed with a company laptop and is responsible for this vital piece of mobile equipment until the end of the employment tenure. This laptop is placed on a table as the executive gives a brief introduction to the company and the purpose of the meeting.

Before the start of the meeting, however, the executive decides to offer the client a drink and a snack – of course, all on the company’s tab. The executive proceeds to the bar to order the drink, leaving the laptop in full view of not only the client, but the world passing by. Is there anything wrong with this scene? Possibly not, if seen through the lens of an executive under pressure from the management hierarchy to deliver another sale, for whom all that is relevant is to make the client as comfortable as possible and deliver the goods for the firm.

This scene plays out daily for organisations and their employees around the world, and it reflects a lack of awareness of the security breaches that can happen in cases such as this. Third parties (for example, potential clients, which the security industry frequently refers to as vendors) are amongst the top six culprits when it comes to cybersecurity breaches, and examples such as this occur hundreds of thousands of times a day around the world. As executives are under sustained pressure to deliver sales in a target-driven and increasingly competitive business landscape, incidents of security breaches are occurring more frequently.

Lack of Awareness

In a recent research white paper by OIER Economics, a sample of business leaders was asked a variety of questions pertaining to the human aspect of cybersecurity. The findings showed a serious lack of awareness of the varying methods by which their own employees can easily be caught out. With over half of companies having little or no awareness training in the human aspect of cybersecurity breaches, it is no surprise that this type of breach currently costs economies around the world billions of dollars every year. Sadly, the primary focus of security within companies seems to centre on every other aspect of security threats, with companies spending vast sums to combat them, not realising that the main threats actually arise from the very asset within their company – and that is their own employees.

Given the lack of knowledge of some of the most basic areas of employee behaviour that lead to cybersecurity breaches, it comes as no surprise to learn that a fair proportion of business leaders did not know that there is a link between phishing and the use of, for example, an employee’s mobile device. Further, phishing/hacking was considered to be something which only happened to an organisation’s internal network and not to the individual, so the individual could not be seen as being in any way a source of a security threat. This could not be further from reality: the human is usually the most accountable source within organisations as far as security threats are concerned. And as interconnectedness increases, and as every new piece of technology deployed as a preventative layer against security breaches becomes more sophisticated, so does the criminal activity. Therefore, in so many cases, the least costly layer available to the organisation is the awareness and engagement of employees through training.


The OIER Economics research on the human aspect of cybersecurity shows every type of security breach from the human perspective which has so far been overlooked. Not many business leaders are fully aware of, or have even considered, the link between security breaches and what is lying around in their offices. For example, discarded company information left on photocopiers and printers can easily be picked up by cleaning staff hours before any employees have entered the building to begin their day’s work. Companies need to become more preventative by using their most valued assets, their employees, and engaging them in their own behaviour. As a result, the time has come to put more controls in place within the office environment, and those are controls around people.

