Kaspersky Lab Survey Identifies Internal IT Threats in Businesses and Infrastructure that Lead to the Most Data Loss

According to a global survey of IT professionals, 27% of all businesses have lost sensitive business data due to internal IT threats in the past 12 months. However, the data shows that for the first time since Kaspersky Lab began tracking these incidents in 2011, accidental data sharing by staff now produces a greater amount of lost data than software vulnerabilities. Alarmingly, both sources of data loss are most commonly found in businesses within the Utilities & Energy and Telecom business sectors.  

Changes to the Internal Security Threat Landscape

From 2011-2014, Kaspersky Lab’s ongoing surveys of threats to businesses found a 9% drop in reported software vulnerabilities encountered amongst medium, large and enterprise businesses (small businesses were excluded from this statistic). The same group also reported a 5% decrease in data loss resulting from software vulnerabilities. On the other hand, reports of accidental data leaks by staff have remained steady during that time period, and the amount of lost data attributed to accidental data leaks by staff has increased by 2%, making accidental data leaks the top internal threat responsible for lost data. 

The most commonly reported internal threat is still software vulnerabilities, which were reported by an average of 36% of all businesses (small businesses included). Accidental data leaks by staff, which were reported by 29% of all businesses, are the second most-commonly reported internal threat and are now the biggest source of lost data. According to the survey data, 20% of all business reported losing data from a software vulnerability incident, while 22% reported losing data from an accidental leak by staff. This data suggests that businesses are slowly winning their struggle with software vulnerabilities, but data loss is growing in other areas of businesses. Other examples of internal threats that lead to data loss incidents include loss of mobile devices, intentional or accidental data leaks from employees, and security failures by a third-party supplier.

Internal Threats and Data Leakage for Critical Infrastructure

One of the most alarming trends uncovered by Kaspersky Lab’s investigation of internal threats is how often they occurred in businesses within infrastructure sectors. The survey found that 40% of business in the Utilities & Energy sector encountered software vulnerabilities within the past year, the highest reported across all business sectors. The Telecom sector reported a high rate of software vulnerabilities as well, at 35%.

Additionally, the Telecom sector reported by far the highest rate of accidental leaks and data sharing by staff, at 42%. The Utilities and Energy sector reported the second-highest rate of this threat, at 33%.

Kaspersky Lab today offers a number of security technologies to control applications, close software vulnerabilities and maintain control over mobile devices, and offers unmatched insight into cyber-threats targeting industrial control systems. To protect the specific needs of manufacturing, industrial and critical infrastructure environments, Kaspersky Lab offers a custom-designed version of the company’s endpoint security software, designed for manufacturing and industrial settings. Kaspersky Lab also created the Kaspersky Industrial Protection Simulation to help organizations train for cyber-attacks that could affect the infrastructure of their facility.

To read more insight and research about software vulnerabilities and other internal business threats, visit the Kaspersky Lab Business blog.