According to a global survey of IT professionals, 27 percent of all businesses have lost sensitive business data due to internal IT threats in the past 12 months. However, the data shows that for the first time since Kaspersky Lab began tracking these incidents in 2011, accidental data sharing by staff now produces a greater amount of lost data than software vulnerabilities. Alarmingly, both sources of data loss are most commonly found in businesses within the Utilities & Energy and Telecom business sectors.
Changes to the Internal Security Threat Landscape
From 2011 to 2014, Kaspersky Lab’s ongoing research into threats to businesses found a nine percent drop in reported software vulnerabilities encountered amongst medium, large and enterprise businesses (small businesses were excluded from this statistic). The same group also reported a five percent decrease in data loss resulting from software vulnerabilities. On the other hand, reports of accidental data leaks by staff have remained steady during that time period, while the amount of lost data attributed to accidental data leaks by staff has increased by two percent, making accidental data leaks the top internal threat responsible for lost data.
The most commonly reported internal threat is still software vulnerabilities, which were reported by an average of 36 percent of all businesses (small businesses included). Accidental data leaks by staff, which were reported by 29 percent of all businesses, are the second most-commonly reported internal threat and are now the biggest source of lost data. According to the survey data, 20 percent of all businesses reported losing data from a software vulnerability incident, while 22 percent reported losing data from an accidental leak by staff. This data suggests that businesses are slowly winning their struggle with software vulnerabilities, but data loss is growing in other areas of businesses. Other examples of internal threats that lead to data loss incidents include loss of mobile devices, intentional or accidental data leaks from employees, and security failures by a third-party supplier.
Internal Threats and Data Leakage for Critical Infrastructure
One of the most alarming trends uncovered by Kaspersky Lab’s investigation of internal threats is how often they occurred in businesses within infrastructure sectors. The survey found that 40 percent of businesses in the Utilities & Energy sector encountered software vulnerabilities within the past year, the highest reported across all business sectors. The Telecom sector also reported a high rate of software vulnerabilities at 35 percent.
Additionally, the Telecom sector reported by far the highest rate of accidental leaks and data sharing by staff at 42 percent. The Utilities and Energy sector reported the second-highest rate of this threat, at 33 percent.
Kaspersky Lab today offers a number of security technologies to control applications, close software vulnerabilities and maintain control over mobile devices, and offers unmatched insight into cyber-threats targeting industrial control systems. To protect the specific needs of manufacturing, industrial and critical infrastructure environments, Kaspersky Lab offers a custom-designed version of the company’s endpoint security software designed for manufacturing and industrial settings. Kaspersky Lab also created the Kaspersky Industrial Protection Simulation to help organisations train for cyber-attacks that could affect the infrastructure of their facility.
To read more insight and research about software vulnerabilities and other internal business threats, visit the Kaspersky Lab Business blog.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.