Loss or exposure of sensitive data is the worst outcome of a cybersecurity incident, according to the findings of Kaspersky Lab’s report, “Business Perception of IT Security: In the Face of an Inevitable Compromise”, based on the 2016 Corporate IT Security Risks survey. However, only just over half (52%) of businesses agree that they have to be better prepared for an inevitable security compromise.
43% of businesses experienced data loss due to a targeted attack
20% of enterprises had four or more data breaches within a year
Despite the evident threat of cyberattacks, the survey revealed mixed views on the state of protection and strategic mitigation approaches, exposing key weaknesses and vulnerabilities to existing and emerging threats.
All companies today are faced with cyberattacks in some form or another, and in the last 12 months 43% of businesses experienced data loss as a result of a breach. For large businesses, one in five (20%) reported four or more data breaches during the period.
Perception vs. reality
Kaspersky Lab’s 2016 worldwide survey focused on comparing the perception of security threats with the reality of cybersecurity incidents experienced, to highlight potential points of vulnerability beyond the usual suspects of malware and spam.
Key emerging threats were well represented among businesses: 49% of companies had experienced a targeted attack and 50% had experienced an incident involving ransomware (with 20% having their data held hostage as a result).
Another serious threat exposed by the survey is the carelessness of employees: this vector contributed to a security incident in almost half (48%) of the companies.
Vs. most vulnerable areas of security incidents, as reported by businesses
However, when asked about where they feel particularly vulnerable, a different set of challenges emerged. The top three most difficult threats to manage include: inappropriate sharing of data via mobile devices (54%); physical loss of hardware exposing sensitive information (53%); and inappropriate use of IT resources by employees (50%).
These are followed by emerging challenges such as the security of third-party cloud services, IoT threats, and security issues associated with outsourcing of IT infrastructure. The difference between perception and reality hints at the need for security strategies that go beyond just prevention and, in a broader context, technology.
“The survey results indicate the need for a different approach to tackling the growing complexity of cyberthreats. The difficulties come not necessarily from the sophistication of attacks, but the growing attack surface that requires a more diverse set of protection methods. This makes matters even more complicated for IT Security departments who have more points of vulnerability to lock down,” commented Veniamin Levtsov, Vice President, Enterprise Business at Kaspersky Lab.
“Some threats like employee carelessness and data exposure, due to inappropriate sharing, are even harder to mitigate using an algorithm. This adds up to the grim reality of the modern threat landscape, where businesses have to repel the efforts of organized crime, rather than simply block ‘malicious software’. A truly efficient strategy therefore requires a combination of security technology, the analysis of external and internal cyber threat intelligence, constant monitoring, and the application of best practice for incident response,” he added.