Accidental sharing by staff bigger threat to data loss: Kaspersky Lab
By Digital News Asia November 5, 2014
- Internal threats in business and infrastructure lead to the most data loss
- Most vulnerable industries: Utility and energy, and telco
IN a global survey of IT professionals, 27% of all businesses said they have lost sensitive business data due to internal IT threats in the past 12 months, according to Kaspersky Lab.
However, the data shows that for the first time since the company began tracking these incidents in 2011, accidental data sharing by staff now produces a greater amount of lost data than software vulnerabilities.
READ ALSO: No 1 security vulnerability is careless or unaware employees: EY survey
Alarmingly, both sources of data loss are most commonly found in businesses within the utilities and energy, and telecoms, business sectors, Kaspersky Lab said in a statement.
Internal security threat landscape
From 2011-2014, Kaspersky Lab’s ongoing surveys of threats to businesses found a 9% drop in reported software vulnerabilities encountered amongst medium, large and enterprise businesses (small businesses were excluded from this statistic).
The same group also reported a 5% decrease in data loss resulting from software vulnerabilities.
On the other hand, reports of accidental data leaks by staff have remained steady during that time period, and the amount of lost data attributed to accidental data leaks by staff has increased by 2%, making accidental data leaks the top internal threat responsible for lost data.
The most commonly reported internal threat is still software vulnerabilities, which were reported by an average of 36% of all businesses (small businesses included).
Accidental data leaks by staff, which were reported by 29% of all businesses, are the second most-commonly reported internal threat and are now the biggest source of lost data.
According to the survey data, 20% of all business reported losing data from a software vulnerability incident, while 22% reported losing data from an accidental leak by staff.
This data suggests that businesses are slowly winning their struggle with software vulnerabilities, but data loss is growing in other areas of businesses.
Other examples of internal threats that lead to data loss incidents include loss of mobile devices, intentional or accidental data leaks from employees, and security failures by a third-party supplier.
One of the most alarming trends uncovered by Kaspersky Lab’s investigation of internal threats is how often they occurred in businesses within infrastructure sectors.
The survey found that 40% of business in the utilities and energy sector encountered software vulnerabilities within the past year, the highest reported across all business sectors. The telco sector reported a high rate of software vulnerabilities as well, at 35%.
Additionally, the telco sector reported by far the highest rate of accidental leaks and data sharing by staff, at 42%. The utilities and energy sector reported the second-highest rate of this threat, at 33%.
Preventing data loss, and the health of your business
IT’s insurance plan against the cost of data loss
Information security is about you … yes, you!
Policy framework a must for security today: IDC
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.