Scientific journal «Вестник науки»


Yerezhepov M.B.

  


ASSESSMENT OF THE LEVEL OF CYBER HYGIENE IN ORGANIZATIONS AND ITS IMPACT ON DATA LEAKS: DEVELOPMENT OF IMPROVEMENT RECOMMENDATIONS

  


Abstract:
In the face of ever-increasing cyber threats, organizations face a critical need to assess and enhance their level of cyber hygiene to prevent data leaks. Cyber hygiene, defined as a set of practices and measures to maintain the security of information systems, is often underestimated, leading to vulnerabilities and successful cyberattacks. The human factor and the behavioral aspects of employees play a particular role here, often representing one of the most vulnerable links in the cybersecurity chain. This article explores methodologies for assessing the level of cyber hygiene in organizations, analyzes its impact on the occurrence of data leaks, and proposes comprehensive recommendations for improvement, focusing both on technical aspects and on enhancing personnel awareness and training.

Keywords:
Cyber Hygiene, Organizational Cybersecurity, Data Leaks, Data Breaches, Security Assessment, Human Factor, User Awareness, Security Education, Best Practices, Risk Management


DOI 10.24412/2712-8849-2025-586-1293-1301

Introduction

In today's digital landscape, organizations face an escalating threat of data breaches, which persists despite significant investments in cybersecurity technologies ([1], [2]). This ongoing vulnerability largely stems from an underestimated factor: inadequate cyber hygiene, which creates a "digital mess" ([4]). This mess involves both technical deficiencies (e.g., poor access control) and critical non-technical issues such as insufficient security awareness and a lack of proper training among employees ([4]). The human element often proves to be the weakest link, as personnel frequently misunderstand or fail to use the security measures available to them ([3]). Such poor cyber habits directly enable successful cyberattacks, leading to the devastating leakage of sensitive information ([2]). Addressing this fundamental lapse in organizational cyber hygiene is thus imperative.

The urgent relevance of assessing cyber hygiene and its impact on data leaks stems from its role as a fundamental, preventive cybersecurity measure, vital for data protection, system integrity, and regulatory compliance ([1], [2]). Rapid digitalization, with its expanding attack surface, intensifies these risks if it is not matched by robust hygiene practices ([1], [2]). Critically, human error and behavior constitute a significant threat vector, underscoring the need for targeted training and behavioral change ([3], [4]). Consequently, a systematic assessment of current cyber hygiene levels and the development of tailored improvement recommendations are essential steps for any organization seeking to effectively mitigate cyber threats and prevent costly data leaks.

2. State of the art

2.1 Common decisions

Within the cybersecurity domain, common decisions regarding cyber hygiene revolve around maintaining the overall "digital cleanliness" of systems and data to minimize vulnerabilities. Cyber hygiene is broadly defined as the set of practices and measures implemented to ensure the security and integrity of information systems, networks, and devices ([1], [4]). This concept encompasses not only technical aspects but also the cultivation of a robust security culture within an organization ([2]). Key common practices include the identification and prioritization of internet-connected devices, thorough security hardening, regular software updates and patching, stringent access control mechanisms, and continuous monitoring and threat analysis ([1], [4]). While cyber hygiene is often framed as an individual responsibility, distinct from the broader organizational responsibility for cybersecurity ([4]), it is imperative for organizations to establish clear policies and conducive environments that facilitate the adoption of, and adherence to, these vital hygiene practices by all personnel.

2.2 Strategic decisions

Beyond the foundational common practices, the existing literature underscores the necessity of making specific strategic decisions to effectively elevate an organization's cyber hygiene posture. A paramount focus is placed on human-centric and behavioral decisions, a critical area given the consistent identification of personnel as a primary vulnerability in an organization's security architecture ([2], [3]). Strategic choices in this domain entail a deliberate investment in comprehensive cyber education, specifically designed to address the human element and end-user behaviors. Such initiatives aim to cultivate proper cyber hygiene practices, enhance overall security awareness, and mitigate risks stemming from human error or negligence ([3]). The success of cyberattacks is often directly linked to the cyber habits prevalent within an organization, making targeted education a non-negotiable strategic imperative ([2]).

Furthermore, the adoption of structured assessment framework decisions is pivotal for proactive risk management. For example, a notable contribution is the proposed Cyber Hygiene Maturity Assessment Framework (CHMF). This framework employs a rigorous survey-based risk assessment methodology to systematically identify and evaluate current cyber hygiene levels and practices within an organization ([2]). The analytical outcomes of such assessments then serve as a robust basis for defining effective strategies to manage cybersecurity and data privacy risks, enabling the recommendation of tailored, human-centric controls. This structured approach to assessment allows organizations to gain a deeper understanding of the current cyber awareness maturity of their personnel, facilitating the provision of customized cyber hygiene training for both users and management ([2]).

Lastly, proactive technical and operational prioritization decisions are fundamental to maintaining robust cyber hygiene. This encompasses strategic choices such as meticulously identifying and prioritizing all devices connected to the internet, implementing rigorous security hardening processes, and ensuring the timely and consistent application of security patches ([1], [4]). Moreover, the commitment to continuous monitoring and ongoing mitigation analysis is recognized as indispensable for establishing effective defenses against evolving cyber threats and attacks ([4]). These strategic decisions, often informed by and rooted in recognized cybersecurity frameworks such as NIST, collectively contribute to reducing "cyber mess" and robustly protecting organizational data from burgeoning vulnerabilities ([3], [4]).

2.3 Analysis

The analysis of the existing literature reveals a convergent understanding of key methodologies for both assessing cyber hygiene and formulating effective improvement recommendations, alongside compelling insights into its direct impact on data security. To systematically compare the contributions of the reviewed articles, Table 1 provides an overview of their primary focus, methodologies, key findings related to cyber hygiene and data leaks, and proposed recommendations.

As summarized in Table 1, a significant commonality across the studies is the recognition of cyber hygiene as a critical preventive measure against data breaches, consistently linking its neglect to increased vulnerability and successful cyberattacks ([1], [3], [4]). A recurring theme is the paramount importance of the human factor: several studies highlight human error, lack of awareness, and poor cyber habits as significant drivers of security incidents and data leaks ([2], [3], [5]). This understanding directly informs the development of human-centric approaches in cybersecurity, emphasizing the need for targeted education and behavioral interventions.

In terms of methodologies, the literature presents distinct yet complementary approaches. While some studies provide conceptual frameworks and broad best practices through systematic literature reviews ([1], [3], [4]), others delve into specific assessment methodologies. Notably, a Cyber Hygiene Maturity Assessment Framework (CHMF) based on survey data is proposed for evaluating cyber hygiene levels in critical infrastructures such as smart grids, and can be adapted for broader organizational use ([2]). Similarly, a dedicated cyber hygiene methodology using a survey-based risk assessment has been developed for healthcare organizations, specifically targeting awareness and perception among personnel ([5]). These methodologies underscore the shift towards quantifiable assessment of cyber hygiene, moving beyond general recommendations to data-driven insights.

The collective findings underscore that effective improvement strategies must be multifaceted. Recommendations consistently include foundational technical practices such as diligent device identification, security hardening, and consistent patching ([1], [4]). Crucially, these are complemented by non-technical strategies focused on continuous cyber education, fostering security awareness, and implementing robust organizational policies, often guided by established frameworks such as the NIST and ISO standards ([2], [3], [5]). Ultimately, the analyzed literature confirms that a comprehensive and continuously monitored cyber hygiene program, particularly one that effectively addresses the human element, is indispensable for bolstering an organization's cyber resilience and safeguarding sensitive data from prevalent threats.

2.4 Conclusion

In conclusion, the comprehensive review of the current state of the art unequivocally underscores cyber hygiene as a foundational and indispensable element of organizational cybersecurity. The analyzed literature consistently reveals that, despite technological advancements, human-centric vulnerabilities stemming from inadequate awareness and poor cyber habits remain a critical nexus for data breaches. This highlights a shift in focus towards understanding and mitigating behavioral factors as much as technical ones. The emerging methodologies for assessing cyber hygiene, particularly those leveraging survey-based approaches, provide tangible means for organizations to quantify their current security posture and identify specific areas for intervention. Ultimately, the consensus across studies points towards the necessity of a multifaceted and continuously evolving strategy for improving cyber hygiene. Such a strategy must integrate robust technical controls with targeted, ongoing education and the cultivation of a proactive security culture. This holistic approach is crucial not only for mitigating the immediate risk of data leaks but also for fostering long-term cyber resilience within any organization.

3. Discussion

The comprehensive review of the existing literature on cyber hygiene consistently reinforces its foundational role in organizational cybersecurity. A pervasive theme is the critical influence of the human factor: despite technological advancements, insufficient security awareness and ingrained poor cyber habits among employees remain a primary catalyst for data breaches. This underscores that effective security strategies must extend beyond technical controls to deeply integrate human-centric approaches that cultivate responsible digital behavior.

A key insight is the growing emphasis on structured assessment methodologies for cyber hygiene. Frameworks such as the Cyber Hygiene Maturity Assessment Framework (CHMF) and survey-based approaches are vital for quantitatively evaluating security posture. These empirical methods precisely identify technical and behavioral gaps, enabling data-driven, tailored improvement strategies.

The direct link between inadequate cyber hygiene and data breaches carries clear implications for organizations. Proactive investment in comprehensive cyber hygiene programs, prioritizing continuous education and policy enforcement, is thus a critical safeguard for organizational data and reputation. These initiatives effectively bridge the gap between technological defenses and the human element, bolstering cyber resilience and mitigating significant losses.

However, the current body of research also reveals certain limitations. While the importance of human factors is well established, more granular insights into the long-term effectiveness and scalability of diverse educational programs across various organizational contexts are still needed. Furthermore, the explicit integration of advanced technologies, such as artificial intelligence, into cyber hygiene assessment and remediation strategies appears to be an underexplored area in the current literature. These identified gaps highlight promising avenues for future research, offering fertile ground for developing more sophisticated and adaptive approaches to enhancing organizational cyber hygiene and ensuring long-term data security.
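The survey-based maturity assessment discussed in sections 2.2 and 2.3 (and revisited in the Discussion) can be made concrete with a small scoring model. The following Python sketch is an added illustration, not the article's own code and not the CHMF's actual scoring scheme: it turns Likert-scale survey answers into per-domain hygiene scores, a weighted overall maturity, a ranked list of gaps to feed into improvement recommendations, and a management-versus-staff perception gap (the "policy on paper versus practice on the floor" signal that motivates separate training for users and management). The practice domains mirror those listed in the article; the domain weights, maturity labels, survey items and respondent data are all constructed assumptions.

```python
"""Survey-based cyber hygiene maturity scoring (illustrative sketch).

Respondents answer Likert 1..5 statements such as "Security patches are
applied to my workstation within days of release". Some items are reverse
scored: agreeing with "Colleagues share accounts to save time" indicates
poor hygiene, so the answer is inverted before scoring.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean

# Practice domains taken from the hygiene practices the article lists.
# Weights are an assumption: how strongly a gap in the domain is believed
# to contribute to leak risk in this hypothetical organization (sum = 1.0).
DOMAINS = {
    "device_inventory": 0.15,
    "hardening": 0.15,
    "patching": 0.20,
    "access_control": 0.20,
    "monitoring": 0.10,
    "awareness_training": 0.20,
}

# Maturity label for a rounded 1..5 domain score (assumed scale, not CHMF's).
LEVELS = {1: "Initial", 2: "Developing", 3: "Defined", 4: "Managed", 5: "Optimized"}

# Survey items: question id -> (domain, reverse_scored). Constructed.
QUESTIONS = {
    "q1": ("device_inventory", False),    # "Every device I use is registered with IT"
    "q2": ("hardening", False),           # "Unused services are disabled on my devices"
    "q3": ("patching", False),            # "Patches are applied within days of release"
    "q4": ("access_control", True),       # "Colleagues share accounts to save time"
    "q5": ("monitoring", False),          # "Suspicious activity is noticed and followed up"
    "q6": ("awareness_training", False),  # "I received security training this year"
    "q7": ("awareness_training", True),   # "I would open an unexpected attachment"
}


@dataclass
class Response:
    respondent: str
    role: str                      # "management" or "staff"
    answers: dict = field(default_factory=dict)  # question id -> Likert 1..5


def normalise(qid, value):
    """Map a raw Likert answer to a 1..5 hygiene score, inverting reverse items."""
    if not 1 <= value <= 5:
        raise ValueError(f"{qid}: Likert answer out of range: {value}")
    _, reverse = QUESTIONS[qid]
    return 6 - value if reverse else value


def domain_scores(responses, role=None):
    """Mean hygiene score per domain, optionally restricted to one role."""
    buckets = defaultdict(list)
    for r in responses:
        if role is not None and r.role != role:
            continue
        for qid, value in r.answers.items():
            domain, _ = QUESTIONS[qid]
            buckets[domain].append(normalise(qid, value))
    return {d: round(mean(v), 2) for d, v in buckets.items()}


def maturity_level(score):
    """Label a 1..5 score; values are clamped so a bad weight cannot break lookup."""
    return LEVELS[max(1, min(5, round(score)))]


def overall_maturity(scores):
    """Weighted overall hygiene score in 1..5 across all domains."""
    return round(sum(DOMAINS[d] * scores[d] for d in DOMAINS), 2)


def prioritised_gaps(scores, target=4.0):
    """Rank domains by weighted shortfall from the target maturity.

    This ranking is what the assessment hands to whoever writes the
    improvement recommendations: the top entries get attention first.
    """
    gaps = [(d, round(w * max(0.0, target - scores[d]), 3)) for d, w in DOMAINS.items()]
    return sorted(gaps, key=lambda g: g[1], reverse=True)


def perception_gap(responses, threshold=1.0):
    """Domains where management rates hygiene markedly higher than staff."""
    mgmt = domain_scores(responses, "management")
    staff = domain_scores(responses, "staff")
    diffs = {d: round(mgmt[d] - staff[d], 2) for d in DOMAINS}
    return {d: v for d, v in diffs.items() if v >= threshold}


# Constructed sample responses: two managers, two staff members.
SAMPLE = [
    Response("r1", "management", {"q1": 4, "q2": 4, "q3": 5, "q4": 1, "q5": 4, "q6": 5, "q7": 1}),
    Response("r2", "management", {"q1": 4, "q2": 5, "q3": 4, "q4": 2, "q5": 4, "q6": 4, "q7": 2}),
    Response("r3", "staff", {"q1": 3, "q2": 4, "q3": 2, "q4": 4, "q5": 4, "q6": 2, "q7": 4}),
    Response("r4", "staff", {"q1": 2, "q2": 4, "q3": 2, "q4": 5, "q5": 4, "q6": 2, "q7": 3}),
]

if __name__ == "__main__":
    scores = domain_scores(SAMPLE)
    print("overall:", overall_maturity(scores), maturity_level(overall_maturity(scores)))
    for d, s in scores.items():
        print(f"  {d:<20} {s:.2f} {maturity_level(s)}")
    print("gaps:", prioritised_gaps(scores))
    print("management sees it rosier in:", perception_gap(SAMPLE))
```

On the constructed sample, access control and patching top the gap list, and the perception gap flags the same domains plus awareness training and device inventory, while hardening and monitoring are rated consistently by both groups. In a real deployment the weights and the target level would be set from the organization's risk appetite, and the survey would be paired with technical evidence (patch telemetry, access reviews) so that self-reported hygiene is not the only input.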

  



Journal issue: Вестник науки №5 (86), vol. 4

  


Citation:

Yerezhepov M.B. ASSESSMENT OF THE LEVEL OF CYBER HYGIENE IN ORGANIZATIONS AND ITS IMPACT ON DATA LEAKS: DEVELOPMENT OF IMPROVEMENT RECOMMENDATIONS // Вестник науки №5 (86), vol. 4. pp. 1293-1301. 2025. ISSN 2712-8849 // Online resource: https://www.вестник-науки.рф/article/23430 (accessed 08.07.2025)


Alternative link in Latin characters: vestnik-nauki.com/article/23430






