The latest report released by leading secure content and threat management solutions developer Kaspersky Lab has indicated that half of global businesses see cybercrime in its various forms as the second biggest threat to their business, a close second to economic uncertainty.
In its report entitled “Global IT Security Risks: 2012,” which interviewed 3,300 senior IT professionals in companies from 22 countries, half of the respondents (50%) ranked cyber-threats as one of the top three concerns in their business.
Economic uncertainty is at the top of the ranking according to 55% of the respondents while the third most pressing concern is damage to brand or corporate reputation at 37%.
The survey, which was a joint initiative by Kaspersky Lab and B2B International in July 2012, also indicated that within the IT security risks among the fears of respondents were intellectual property theft (31%), computer fraud (26%) and industrial espionage (24%).
Such knowledge of threats point to familiarity of senior executives about the possible dangers they could face as they continue to rely on technology.
Companies are also more concerned over cyber-threats in the future than with economic uncertainty. In fact, 42 percent of respondents see cyber-threats as most important, believing that in the next two years, it would become an even bigger problem. Compare this to 39 percent of respondents who still see economic uncertainty as a bigger threat.
Malware infection (35%) is reported to be the most common external causes of data loss, followed by email (21%) and phishing (17%). To be blamed for the most common internal cause of data loss is vulnerabilities in installed applications (25%).
A surprising trend is also rising among these companies; 35% of these respondents said they have actually lost data due to flawed IT security. Among the data that was lost to flawed IT security included customer information (36%), financial data (36%), and employee data (31%).
Mobile devices were also easy targets for cyber-threats; 23% or respondents admitted that data leaks came from the loss of mobile devices. Another 15 percent said the theft of mobile devices contributed to data loss. In 13% of cases, important information fell into the wrong hands due to negligence, which can be attributed to sending messages to the wrong email address, as an example.
Kaspersky Lab Chief Product Officer Petr Merkulov said that the survey still reveals how low the number of companies are who think that they are prepared against cyber-threats. Only 59% of respondents said they are ready to face cyber-threats, which is just 1% more than in 2011.
“The fact that this view has changed very little since 2011, the measures being taken by IT specialists are woefully inadequate – only a little more than half of the respondents believe their company is really secure,” Merkulov said.
Merkulov said that alongside the fact that few companies seem prepared for what is coming, they are also starting to accept the fact that the use of personal mobile devices like tablet PCs and mobile phones to access corporate IT infrastructure is growing. Thus, there is a need to increase the level of computer security literacy among the workforce becomes essential.
Top management must also be fully aware of the potential consequences of cyber-threats and understand that reliable protection of the corporate network is necessary to ensure the effective development of a company’s IT infrastructure.
Merkulov made several recommendations for companies who want to strengthen their corporate IT security and to prepare them from further attacks.
· Data encryption — It is strongly recommended that the partial or complete encryption of data as an additional layer of security. Even if a device ends up in the wrong hands or a malware attack is successful, a cybercriminal that gains access to files that have been encrypted will not be able to see their contents.
· Paying particular attention to personal devices – Companies must implement security policies that cover the use of both personal and corporate mobile devices for work-related tasks.
· Be prepared for targeted attacks — It is recommended putting measures into place now for combating targeted attacks, and in particular paying more attention to proactive protection methods designed to prevent threats rather than dealing with the consequences.
· Educating staff – The survey showed that there is low level of computer literacy among employees which can lead to a company’s IT infrastructure being infected or confidential information being leaked. That is why teaching company personnel all the basics of IT security is no less important than installing the latest security software.