One cybersecurity firm’s 2024 incidence data, several factors and mitigations revolve around a high incidence of network security threats last year
According to cybersecurity firm Kaspersky, the most common type of security incident (88%) faced by its customers* in 2024 was related to network protection.
Outside of the USA, the firm’s global users had encountered adversaries attempting to infiltrate their network, while over 60% reporting incidents where bad actors had executed malicious code within their network or attempted to take control of compromised systems.
Despite having the most comprehensive protection measures in place, large enterprises in the firm’s protection ecosystem experienced the highest rate of network security incidents. Small- and medium-sized enterprises (SMEs) had also faced challenges, with a significant percentage of incidents attributed to the deliberate or inadvertent actions of their own employees.
Understanding network security threats
When cybercriminals detect a weak spot in a target firm’s computer system, they use it to gain unauthorized access and install malware, spyware, or other harmful software. These weak spots are also a gateway for social engineering attacks, where individuals become an easier target.
As more and more data is created, stored and transmitted electronically, the potential for cyberattacks to compromise sensitive information is also increasing. Also, cybercriminals are constantly developing new tactics and techniques to bypass traditional security measures, making it challenging for businesses to stay ahead of the curve.
Furthermore, the rise of remote-working and “bring your own device” policies has created additional challenges for network security. With employees accessing company data from various locations and devices, the potential for security breaches is heightened. This, combined with the lack of proper security protocols and employee training, creates a vulnerable environment for cyberattacks to occur.
Human error is another key factor contributing to security incidents. According to Kaspersky’s own findings, customers’ own employees have consciously or unconsciously helped adversaries by their action or inaction, with the majority of these occurrences in medium and small businesses, and to a lesser extent, in large organizations. Lack of security awareness or insufficient training, are leading causes of cyber breaches and data leaks arising from human error. Phishing attacks are a common threat. Insider threats, where employees intentionally or unintentionally leak confidential data, can also pose a significant risk to a company’s security.
SMEs may lack the necessary infrastructure and awareness to adequately protect their sensitive information, making them an easy target for cyber criminals looking to exploit weak links in the security chain.
Tips for better protection
To mitigate the risk of cyberattacks caused by human error, organizations need to take steps to raise awareness among employees about cyber threats and invest in comprehensive cyber security training programs.
Regular security audits and monitoring can help identify vulnerabilities and address them before they are exploited by cyber criminals.
Investing in specialized solutions can protect an organization’s assets with real-time protection, threat visibility, investigation and response capabilities (Endpoint Detection and Response and also eXtended Detection and Response) for organizations of any size and industry.
Ultimately, a combination of technological solutions and proactive employee education is essential in safeguarding corporate data and reputation in the digital landscape in 2025 and beyond.
*Note: The firm has no operations in the USA, and readers should be aware of this limitation.
