Loss or exposure of sensitive data is the worst outcome of a cybersecurity incident, according to the findings of Kaspersky Lab’s report, “Business Perception of IT Security: In the Face of an Inevitable Compromise”, based on the 2016 Corporate IT Security Risks survey¹. However, only just over half (52%) of businesses agree that they have to be better prepared for an inevitable security compromise.
Despite the evident threat of cyberattacks, the survey revealed mixed views on the state of protection and strategic mitigation approaches, exposing key weaknesses and vulnerabilities to existing and emerging threats. All companies today are faced with cyberattacks in some form or another, and in the last 12 months 43% of businesses experienced data loss as a result of a breach. For large businesses, one in five (20%) reported four or more data breaches during the period.
Perception vs. reality
Kaspersky Lab’s 2016 worldwide survey focused on comparing the perception of security threats with the reality of cybersecurity incidents experienced, to highlight potential points of vulnerability beyond the usual suspects of malware and spam. Key emerging threats were well represented among businesses: 32% of companies had experienced a targeted attack and 20% had experienced an incident involving ransomware. Another serious threat which was exposed by the survey is the carelessness of employees: this vector contributed to a security incident in almost half (43%) of the companies.
However, when asked about where they feel particularly vulnerable, a different set of challenges emerged. The top three most difficult threats to manage include: inappropriate sharing of data via mobile devices (54%); physical loss of hardware exposing sensitive information (53%); and inappropriate use of IT resources by employees (50%). This is followed by more emerging challenges such as the security of third-party cloud services, IoT threats, and security issues associated with outsourcing of IT infrastructure. The difference between perception and reality hints at the need for security strategies which go beyond just prevention and, in a broader context, technology.
Veniamin Levtsov, Vice President, Enterprise Business at Kaspersky Lab, comments: “The survey results indicate the need for a different approach to tackling the growing complexity of cyberthreats. The difficulties come not necessarily from the sophistication of attacks, but the growing attack surface that requires a more diverse set of protection methods. This makes matters even more complicated for IT Security departments who have more points of vulnerability to lock down.”
“Some threats like employee carelessness and data exposure, due to inappropriate sharing, are even harder to mitigate using an algorithm. This adds up to the grim reality of the modern threat landscape, where businesses have to repel the efforts of organized crime, rather than simply block ‘malicious software’. A truly efficient strategy therefore requires a combination of security technology, the analysis of external and internal cyber threat intelligence, constant monitoring, and the application of best practice for incident response”.
The report entitled “Business Perception of IT Security: In the Face of an Inevitable Compromise” is available at Kaspersky Lab’s website.
¹ Corporate IT Security Risks is the annual survey conducted by Kaspersky Lab in co-operation with B2B International. In 2016 we asked over 4000 representatives of small, medium and large businesses from 25 countries about their views on IT Security and real incidents they have experienced.