eWeek, By Sean Michael Kerner

While malware is a potential hazard for all organizations, security risks within legitimate software applications often lead to internal cyber-security incidents at companies around the world.

Flaws in existing software are the leading cause of internal IT security threats, according to a new study from Kaspersky Lab, which surveyed 2,895 IT professionals around the world. The software vulnerabilities are leading to multiple forms of exploits including data breaches.

Alexander Erofeev, chief marketing officer at Kaspersky Lab, defines internal incidents as those caused by internal reasons: vulnerabilities in software inside the company infrastructure and mistakes made by employees. "Some internal incidents result in data loss, but not always," Erofeev said. "For example, out of 39 percent of companies which reported incidents involving vulnerabilities, only 10 percent experienced sensitive data loss." Read more.