Employee error is one of the main causes of internal IT security incidents leading to leakage of confidential corporate data. This is according to the findings of the Global Corporate IT Security Risks 2013 survey conducted by B2B International and Kaspersky Lab this year.
Although vulnerabilities in software used by company staff in their daily duties is one of the top reasons behind internal IT security incidents (with 39 per cent of companies reporting this issue), the volume of different types of incidents taking place due to staff errors is equally high. Four out of five types of internal IT security incidents that took place within companies were closely related to erroneous employee actions.
Approximately 32 per cent of respondents reported leaks that took place as a result of employee mistakes. A slightly lower number of companies — 30 per cent — reported incidents where the employee was at fault over the loss or theft of mobile devices. 19 per cent of the companies participating in the survey reported that employees were involved in intentional leaks. 18 per cent reported incidents that were caused by incorrect use of mobile devices (via mobile email clients or text messaging).
At the same time, an average of 7 per cent of respondents reported that employee actions were the cause of leakages of critically confidential information relating to company operations. Most commonly, leakages of critically sensitive data occurred when employees were responsible for the loss or theft of mobile devices with 9 per cent of respondents reporting these types of incidents.
A comprehensive approach to a complex problem
“These types of incidents can be eliminated – or at least the risk can be minimised – by implementing a set of measures including educating employees about IT threats and developing, putting into place, and overseeing the enforcement of appropriate security policies within the company. Another preventative action to consider is the use of specialised security solutions, such as Kaspersky Endpoint Security for Business”, comments David Emm, senior security researcher at Kaspersky Lab.
As a top-quality security platform, this Kaspersky Lab product includes a component that protects both desktop computers and mobile devices, and offers the ability to effectively manage them.
This platform will not only provide a top level of security for a corporation’s IT infrastructure, but will also help enforce a company’s IT security policies, and even compensate them in the event of no policy being in place.
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 15-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.co.uk.
* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2011. The rating was published in the IDC report "Worldwide Endpoint Security 2012–2016 Forecast and 2011 Vendor Shares (IDC #235930, July 2012). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2011.