Was your data breach an inside job?
Kaspersky Lab revealed the current state of security threats among businesses and how their perception of threats compares to the reality of cybersecurity incidents experienced over the past year, both in North America and worldwide. A top concern of North American businesses and a leading cause of successful cyberattacks in these organizations are also the most important asset: their employees.
The findings are a subset of data from the 2016 Kaspersky Lab Corporate IT Security Risks survey, which confirms cyberattacks are not uncommon to businesses throughout the world. In just the last 12 months on a global scale, 43 percent of businesses experienced data loss as a result of a breach.
When taking a closer look at businesses in North America, the data reveals that these organizations are significantly less protected against attacks compare to businesses worldwide. For enterprises, nearly half (44 percent) in North America suffered four or more data breaches in the past 12 months alone, which is double the amount that businesses worldwide suffered (20 percent).
Businesses in North America claim that two of the top causes of the most serious data breach they’ve experienced were careless/uninformed employee actions (59 percent) and phishing/social engineering (56 percent). The survey proves that cybercriminals are successfully hacking their way into corporations through uninformed employees. Business leaders need to ensure that employees are educated on company policies and procedures for navigating security threats while at work.
Six out of ten typical vulnerable areas are directly related to a fear of data loss; however, the real surprise is that the most frequent point of vulnerability is inappropriate usage or sharing data via mobile devices, with 54 percent of businesses reporting that they face challenges understanding how to address this threat globally, and 52 percent in North America.
Although 32 percent of businesses in North America confirm a significant increase in the number of smartphones, this is also the number one IT security challenge that businesses don’t feel their organization is protected against. More than half (52 percent) of businesses in North America admit to being least protected against mobile security threats, such as inappropriate usage or sharing data via mobile devices.
“The survey results indicate the need for a different view on the growing complexity of cyberthreats,” said Veniamin Levtsov, vice president, enterprise business at Kaspersky Lab. “The key point here is that threats are not necessarily getting more sophisticated. It’s the growing attack surface that requires more diverse set of protection methods. This makes matters even more complicated for IT security departments. The most important finding is the companies’ points of vulnerability: threats like employee carelessness and data exposure due to inappropriate sharing of device theft. Such challenges cannot be addressed by a technology or algorithm, instead they require better employee awareness and regular training. Adding targeted attacks, issues related to cloud services and IT outsourcing to the context reveals a need for an integrated approach: well-proven technologies to prevent widespread cyberthreats; intelligent systems to analyze the workflow, detect potential weak points and targeted attacks; security expertise, awareness and training to address a company’s general resistance towards current and potential threats.”
In North America, nearly half (44 percent) of businesses reported that the main reason they want to invest in more IT security is due to business expansion. As organizations continue to grow and cyber threats continue to evolve every day, intelligent protection strategies and educational programs will be critical to protecting businesses from future cyberattacks.