According to a survey of IT professionals, a quarter, 27 per cent of all businesses have lost sensitive business data due to internal IT threats in the past 12 months. However, the data shows that for the first time since Kaspersky Lab began tracking these incidents in 2011, accidental data sharing by staff now produces a greater amount of lost data than software vulnerabilities. Alarmingly, both sources of data loss are most commonly found in businesses within the Utilities & Energy and Telecom business sectors.
From 2011-2014, Kaspersky Lab says that its research of threats to businesses found a nine per cent drop in reported software vulnerabilities encountered amongst medium, large and enterprise businesses (small businesses were excluded from this statistic). The same group also reported a five per cent decrease in data loss resulting from software vulnerabilities. On the other hand, reports of accidental data leaks by staff have remained steady during that time period, while the amount of lost data attributed to accidental data leaks by staff has increased by two per cent, making accidental data leaks the top internal threat responsible for lost data.
The most commonly reported internal threat is still software vulnerabilities, which were reported by an average of 36 per cent of all businesses (small businesses included). Accidental data leaks by staff, which were reported by 29 per cent of all businesses, are the second most-commonly reported internal threat and are now the biggest source of lost data. According to the survey data, 20 per cent of all businesses reported losing data from a software vulnerability incident, while 22 per cent reported losing data from an accidental leak by staff. This data suggests that businesses are slowly winning their struggle with software vulnerabilities, but data loss is growing in other areas of businesses. Other examples of internal threats that lead to data loss incidents include loss of mobile devices, intentional or accidental data leaks from employees, and security failures by a third-party supplier.
One trend uncovered by the IT firm’s investigation of internal threats is how often they occurred in businesses within infrastructure sectors. The survey found that 40 per cent of business in the Utilities and Energy sector encountered software vulnerabilities within the past year, the highest reported across all business sectors. The Telecom sector also reported a high rate of software vulnerabilities at 35 per cent. The Telecom sector reported by far the highest rate of accidental leaks and data sharing by staff, at 42 per cent. The Utilities and Energy sector reported the second-highest rate of this threat, at 33 per cent. Visit www.kaspersky.com.
