According to the 2014 Global Corporate IT Security Risks survey, conducted by Kaspersky Lab and B2B International, 27% of all businesses have lost sensitive business data due to internal IT threats in the past 12 months. However, the global data shows that for the first time since Kaspersky Lab began tracking these incidents with this survey in 2011, accidental data sharing by staff now produces a greater amount of lost data than software vulnerabilities. Both sources of data loss are most commonly found in businesses within the Utilities & Energy and Telecom business sectors.
According to the report, the most common internal threat is still software vulnerabilities, which were reported by an average of 36% of all businesses. Accidental data leaks by staff (reported by 29% of all businesses), and loss/theft of mobile devices by staff (26% of respondents noted it) are the second and third most-commonly reported internal threats. As the biggest sources of data loss from internal incidents 20% of all survey participants named software vulnerability incident, while 22% said about losing data from an accidental leak by staff and 19% reported leakage due to loss of mobile devices by employees. These figures suggest that businesses are slowly winning their struggle with software vulnerabilities, but data loss is growing in other areas of businesses. Other examples of internal threats that lead to data loss incidents include intentional data leaks from employees and security failures by a third-party supplier.
One of the most alarming trends uncovered by Kaspersky Lab’s investigation of internal threats is how often they occurred in businesses within infrastructure sectors. For example the Telecom companies reported by far the highest rate of accidental leaks and data sharing by staff, at 42%. The Utilities and Energy sector reported the second-highest rate of this threat, at 33%, with Manufacturing also having a high figure – 31%.
Software vulnerabilities encountered by companies within the past year were also reported by a high number of organisations from these sectors: by 40% of business in the Utilities & Energy sector, 36% in Transportation/Logistics and 35% in Telecom and Manufacturing sector.