New Kaspersky report throws up business perception of IT security in wake of inevitable compromise



Kaspersky Lab released Monday a report revealing the current state of security threats among businesses and how their perception of threats compares to the reality of cybersecurity incidents experienced over the past year, both in North America and worldwide.

A top concern of North American businesses and a leading cause of successful cyberattacks in these organizations are also the most important asset: their employees.

The findings of the report, ‘Business Perception of IT Security: In the Face of an Inevitable Compromise,’ are a subset of data from the 2016 Kaspersky Lab Corporate IT Security Risks survey, which confirms cyberattacks are not uncommon to businesses throughout the world. In the last 12 months on a global scale, 43 percent of businesses experienced data loss as a result of a breach.

As organizations look for protection from the growing menace of cyber-crime, Kaspersky Lab set out to better understand the perception and reality of the security threat landscape. This global study of over 4,000 businesses from 25 countries asked businesses about their perceptions of the main security threats they face and the measures used to combat them.

The research found that companies around the world are facing a multitude of security threats, from viruses and phishing to zero-day vulnerability exploitation and DDoS attacks. Looking at how perception compares with reality provides us with a fresh look on new and emerging cyber threats.

Kaspersky immediately found multiple areas of improvement of businesses’ perceived readiness towards certain types of incidents. The threat of malware is well recognized as businesses have experienced this more than any other security threat, but businesses don’t feel as vulnerable to this type of threat as targeted attacks, for example, which they feel both highly concerned and vulnerable about.

The report found that data protection is the main area of concern in eight out of ten businesses, and six out of ten typical vulnerable areas are directly related to this fear of data loss. However, it was surprising to note that attitudes to towards general protection approaches are mixed, with only half of those surveyed recognizing the need to be prepared for a security compromise.

When taking a closer look at businesses in North America, the data reveals that these organizations are significantly less protected against attacks compare to businesses worldwide. For enterprises, nearly half (44 percent) in North America suffered four or more data breaches in the past 12 months alone, which is double the amount that businesses worldwide suffered (20 percent).

Businesses in North America claim that two of the top causes of the most serious data breach they’ve experienced were careless/uninformed employee actions (59 percent) and phishing/social engineering (56 percent). The survey proves that cybercriminals are successfully hacking their way into corporations through uninformed employees. Business leaders need to ensure that employees are educated on company policies and procedures for navigating security threats while at work.

Although 32 percent of businesses in North America confirm a significant increase in the number of smartphones, this is also the number one IT security challenge that businesses don’t feel their organization is protected against. More than half (52 percent) of businesses in North America admit to being least protected against mobile security threats, such as inappropriate usage or sharing data via mobile devices.

Six out of ten typical vulnerable areas are directly related to a fear of data loss; however, the real surprise is that the most frequent point of vulnerability is inappropriate usage or sharing data via mobile devices, with 54 percent of businesses reporting that they face challenges understanding how to address this threat globally, and 52 percent in North America.

In North America, nearly half (44 percent) of businesses reported that the main reason they want to invest in more IT security is due to business expansion. As organizations continue to grow and cyber threats continue to evolve every day, intelligent protection strategies and educational programs will be critical to protecting businesses from future cyberattacks.

“The survey results indicate the need for a different view on the growing complexity of cyberthreats,” said Veniamin Levtsov, vice president, enterprise business at Kaspersky Lab. “The key point here is that threats are not necessarily getting more sophisticated. It’s the growing attack surface that requires more diverse set of protection methods. This makes matters even more complicated for IT security departments. The most important finding is the companies’ points of vulnerability: threats like employee carelessness and data exposure due to inappropriate sharing of device theft.”

“Adding targeted attacks, issues related to cloud services and IT outsourcing to the context reveals a need for an integrated approach: well-proven technologies to prevent widespread cyberthreats; intelligent systems to analyze the workflow, detect potential weak points and targeted attacks; security expertise, awareness and training to address a company’s general resistance towards current and potential threats,” Levtsov added.

Leave a Reply

WWPI – Covering the best in IT since 1980