Employee distraction is now your biggest cybersecurity risk

Employee distraction is now your biggest cybersecurity risk

Briefly

It's not sophisticated threats causing the majority of cyber incidents, according to new research, it's distracted staff. A recent study from KnowBe4 found that distraction is the top reason organizations fall victim to cyber attacks, cited by 43% of cybersecurity professionals. A lack of security awareness training was close behind at 41%, with the pressure to act quickly at 33% and fatigue or burnout at 31%.

AI-generated attacks aren't dominant yet, KnowBe4 found, with only 11% citing it as their biggest threat - but cybersecurity professionals are worried about its use among cyber criminals. When asked about future threats, 60% of respondents expressed greatest concern about AI-generated phishing and deepfakes, followed by ransomware at 48% and shadow IT or unsanctioned AI tools at 42%.

Unsurprisingly, the main threat faced by workers was phishing, accounting for 74% of all incidents. Respondents noted staff frequently faced social engineering techniques such as employee impersonation - an issue that's grown in both scale and intensity in recent years. Three-in-ten cited social engineering via social media platforms such as LinkedIn as a major issue. Malicious links or attachments were also among the top risks encountered by employees, accounting for 38% of all attack methods.