Insider data loss threats damaging most companies
Three in four companies may face significant losses of data due to insider threats, a new report has found. Despite a focus on protecting their data from attack, insider threats account for 42 per cent of all confidential data loss and nearly three out of every four companies has had an insider threat event.
73 per cent of companies overall have been affected by both intentional and unintentional internal information security incidents, Kaspersky Lab and B2B International’s report said.
The IT Security Risks Survey found that 21 per cent of companies also lost valuable data that had a serious effect on their business.
Employee failure to keep up with the rapid pace of change in IT environments presents another vulnerability for firms, leaving them exposed not only to external threats but also to internal threats.
Data loss can occur in many different forms. Kaspersky and B2B discovered cases of boss accidental data leaks (28 per cent) and intentional leaks (14 per cent).
Internal threats also included the loss or theft of company mobile devices, with nearly one in five respondents admitting to having lost a mobile device that contained company data within the last 12 months.
Employees were also shown to have committed fraud on several occasions. Kaspersky found that 15 per cent of all organisations where company resources, including finances, were abused by employees who utilised them for their own purposes.
The damage from fraudulent incidents was greater than the damage caused by confidential data leaks for businesses, with SMEs losing up to £26,250 on average and was in excess of £850,000 for large firms.
“A security solution alone is not enough to protect a company’s data, and the results of this study confirm that,” said Konstantin Voronkov, head of endpoint product management at Kaspersky Lab.
“What’s required is an integrated multi-level approach powered by security intelligence and other supplementary measures. These measures may include the use of specialised solutions and the introduction of security policies, such as restricting access rights.”
Kaspersky Lab recommended that businesses employ technologies including reliable anti-phishing, encryption and mobile device security services.
The security firm also recommended protecting virtual infrastructure and financial transactions to provide security specific to individual facets of IT infrastructure and data centres.