Kaspersky Lab today released a report, Business Perception of IT Security: In the Face of an Inevitable Compromise, revealing the current state of security threats among businesses and how their perception of threats compares to the reality of cybersecurity incidents experienced over the past year, both in North America and worldwide. A top concern of North American businesses and a leading cause of successful cyberattacks in these organizations are also the most important asset: their employees.
The findings are a subset of data from the 2016 Kaspersky Lab Corporate IT Security Risks survey¹, which confirms cyberattacks are not uncommon to businesses throughout the world. In just the last 12 months on a global scale, 43 percent of businesses experienced data loss as a result of a breach. When taking a closer look at businesses in North America, the data reveals that these organizations are significantly less protected against attacks compare to businesses worldwide. For enterprises, nearly half (44 percent) in North America suffered four or more data breaches in the past 12 months alone, which is double the amount that businesses worldwide suffered (20 percent).
Businesses in North America claim that two of the top causes of the most serious data breach they’ve experienced were careless/uninformed employee actions (59 percent) and phishing/social engineering (56 percent). The survey proves that cybercriminals are successfully hacking their way into corporations through uninformed employees. Business leaders need to ensure that employees are educated on company policies and procedures for navigating security threats while at work.
Six out of ten typical vulnerable areas are directly related to a fear of data loss; however, the real surprise is that the most frequent point of vulnerability is inappropriate usage or sharing data via mobile devices, with 54 percent of businesses reporting that they face challenges understanding how to address this threat globally, and 52 percent in North America.
Although 32 percent of businesses in North America confirm a significant increase in the number of smartphones, this is also the number one IT security challenge that businesses don’t feel their organization is protected against. More than half (52 percent) of businesses in North America admit to being least protected against mobile security threats, such as inappropriate usage or sharing data via mobile devices.
“The survey results indicate the need for a different view on the growing complexity of cyberthreats,” said Veniamin Levtsov, vice president, enterprise business at Kaspersky Lab. “The key point here is that threats are not necessarily getting more sophisticated. It’s the growing attack surface that requires more diverse set of protection methods. This makes matters even more complicated for IT security departments. The most important finding is the companies’ points of vulnerability: threats like employee carelessness and data exposure due to inappropriate sharing of device theft. Such challenges cannot be addressed by a technology or algorithm, instead they require better employee awareness and regular training. Adding targeted attacks, issues related to cloud services and IT outsourcing to the context reveals a need for an integrated approach: well-proven technologies to prevent widespread cyberthreats; intelligent systems to analyze the workflow, detect potential weak points and targeted attacks; security expertise, awareness and training to address a company’s general resistance towards current and potential threats.”
In North America, nearly half (44 percent) of businesses reported that the main reason they want to invest in more IT security is due to business expansion. As organizations continue to grow and cyber threats continue to evolve every day, intelligent protection strategies and educational programs will be critical to protecting businesses from future cyberattacks.
The full North America report titled, “Business Perception of IT Security: In the Face of an Inevitable Compromise,” is available at Kaspersky Lab’s website.
Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.
¹ Corporate IT Security Risks is the annual survey conducted by Kaspersky Lab in cooperation with B2B International. In 2016 we have asked more than 4000 representatives of small, medium and large businesses from 25 countries on their views on IT Security and real incidents they had to deal with.