Kaspersky Lab Survey Identifies Internal Corporate IT Threats that Lead to the Most Data Loss
- According to the 2014 Global Corporate IT Security Risks survey conducted by Kaspersky Lab and B2B International, 24% of all businesses in the GCC have lost sensitive business data due to internal IT threats in the past 12 months. However, the global data shows that for the first time since Kaspersky Lab began tracking these incidents with this survey in 2011, accidental data sharing by staff now produces a greater amount of lost data than software vulnerabilities. Both sources of data loss are most commonly found in businesses within the Utilities & Energy and Telecom business sectors. According to the report, the most common internal threats in the GCC are: • Accidental data leaks by staff, reported by 25% • Loss/theft of mobile devices by staff reported by 25% • Software vulnerabilities, which were reported by an average of 23% of all businesses. Of the incidents, the biggest sources of data loss were from: • 19% said due to loss of mobile devices by employees. • 17% said due to accidental leak by staff • 14% due to software vulnerability incident Other examples of internal threats that lead to data loss incidents include intentional data leaks from employees and security failures by a third-party supplier. These figures suggest that businesses are slowly winning their struggle with software vulnerabilities; however data loss is growing is a growing area of concern. Kaspersky Labs’ investigation of internal threats also revealed some alarming trends within key verticals. For example, Telecom companies reported by far the highest rate of accidental leaks and data sharing by staff, at 42%. The Utilities and Energy sector reported the second-highest rate of this threat, at 33%, and Manufacturing at 31%. Software vulnerabilities encountered by companies within the past year were also reported by a large number of organizations. For example, 40% of business in the Utilities & Energy sector, 36% in Transportation/Logistics and 35% in Telecom and Manufacturing sector. Kaspersky Lab today offers a number of security technologies to control applications, close software vulnerabilities and maintain control over mobile devices, and offers unmatched insight into cyber-threats targeting industrial control systems. To protect the specific needs of manufacturing, industrial and critical infrastructure environments, Kaspersky Lab offers a custom-designed version of the company’s endpoint security software, created for manufacturing and industrial settings. Kaspersky Lab also provides the Kaspersky Industrial Protection Simulation to help organizations train for cyber-attacks that could affect the infrastructure of their facility. To reinforce the effectiveness of security solutions such as Kaspersky Endpoint Security for Business and special solutions for industrial systems, organizations should have comprehensive security policies and effective staff education to help employees understand and follow the company’s security policies and rules.