Light Dark
January 17, 2018 By Larry Loeb 2 min read

Human error remains one of the top vulnerabilities leading to cyberattacks, according to recent research. A new report from Kaspersky Lab found that employee carelessness accounted for 46 percent of breaches in the past year, suggesting an urgent need for stronger policies and increased security awareness.

Weak IT Security Policies Put SMBs at Risk

Unsurprisingly, only 12 percent of the nearly 8,000 employees surveyed said they fully understood their organization’s IT security policies. Another 24 percent said their organization lacks a concrete cybersecurity framework altogether.

In addition, roughly half (49 percent) of employees said they consider cybersecurity to be a shared responsibility. This is particularly troublesome for small and midsized businesses (SMBs), many of which have employee-owned devices on their networks and inadequate or nonexistent policies to govern them. Others divide responsibility inefficiently among the IT department and nontechnical workers.

For these reasons, SMBs have historically been prime targets for common cyberthreats such as ransomware. Lack of skilled IT employees and financial resources only exacerbates this problem.

Improving Security Awareness

The study also noted that executives, HR leaders and finance specialists were among the most at-risk employees. According to TechRepublic, these employees’ access to sensitive information makes them particularly valuable targets for threat actors.

“The issue of unaware staff can be a major challenge to overcome, especially for smaller businesses where a cybersecurity culture is still being developed,” Vladimir Zapolyansky, head of SMB business at Kaspersky Lab, said in a press release. He further noted that businesses should focus on increasing security awareness among employees and implement solutions that are simple enough for nontechnical workers to use but powerful enough to protect the organization from advanced cyberthreats.

The SMB Security Conundrum

The security conundrum facing SMBs is complex, since effective solutions require significant time, effort and financial resources, which are rare commodities. Still, the main issue revealed in the Kaspersky report — low security awareness among employees — is something all organizations can and should improve with better engagement among top leadership and better communication between security professionals and nontechnical employees.

 |  |  |  | 
Larry Loeb
Principal, PBC Enterprises

More from

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature