The Threat Within: 3 Out Of 4 Companies Affected By Internal Information Security Incidents

Woburn, MA – November 16, 2015 – Costly cyberattacks are now almost routine for businesses, but while many organizations are focusing on external attackers, it’s important to also look at threats from within. According to the IT Security Risks Survey[1] conducted by Kaspersky Lab and B2B International, 73% of companies have been affected by internal information security incidents. The survey also found that the largest single cause of confidential data losses is by employees (42%).

As a company’s IT infrastructure expands, new components add new vulnerabilities. The situation is aggravated by the fact that not all employees keep pace with a rapidly changing IT environment. As a result, companies are exposed to not only external threats but internal threats from employees. This was confirmed by a recent survey of businesses that found that 21% of companies affected by internal threats lost valuable data that subsequently had an effect on their business.

The survey also reported cases of accidental data leaks (28%) and intentional leaks of valuable company data (14%). In addition to data leaks, internal threats included the loss or theft of employee mobile devices with 19% of respondents confirming that they lost a mobile device containing corporate data at least once a year.

Fraud committed by employees is another internal threat that must be considered by businesses. The survey found that 15% of organizations encountered situations where company resources, including finances, were used by employees for their own purposes. The losses caused by these incidents exceeded the damage caused by confidential data leaks for enterprises. Small and medium businesses lose up to $40,000 on average from fraudulent activity by employees, while the figure for enterprises exceeds $1.3 million.

"It's no secret that a security solution alone is not enough to protect a company’s data. And the results of this study confirm that,” comments Konstantin Voronkov, Head of Endpoint Product Management, Kaspersky Lab. “What’s required is an integrated multi-level approach powered by security intelligence and other supplementary measures. These measures may include the use of specialized solutions and the introduction of security policies, such as restricting access rights."

To help businesses combat both internal and external threats, Kaspersky Lab recommends a reliable, multi-level protection strategy. In particular, technology like anti-phishing, encryption, mobile device security, and protection for virtual infrastructure and financial transactions. These solutions provide reliable, targeted security for the individual nodes of a corporate IT infrastructure and datacenters.

About Kaspersky Lab

Kaspersky Lab is one of the world’s fastest-growing cybersecurity companies and the largest that is privately-owned. The company is ranked among the world’s top four vendors of security solutions for endpoint users (IDC, 2014). Since 1997 Kaspersky Lab has been an innovator in cybersecurity and provides effective digital security solutions and threat intelligence for large enterprises, SMBs and consumers. Kaspersky Lab is an international company, operating in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide.

Learn more at www.kaspersky.com.

For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact
Stephen Russell
781.503.1833
stephen.russell@kaspersky.com

[1]Kaspersky Lab and B2B International, 2015. Over 5,500 IT specialists were surveyed from 26 countries around the world.