IT security tops business concerns

IT security is the biggest concern for businesses today, ranking even higher than financial, marketing and human resources strategy.

This was a key finding of global research conducted by Kaspersky Lab that covered various aspects of IT security.

Alexander Erofeev, director of market intelligence and insight at Kaspersky Lab, presented some of the findings during the company's Virus Analyst Summit, held in Malaga, Spain, this week.

He said the research was performed in partnership with B2B International, a global research agency. More than 1 300 IT professionals in 11 countries participated in the survey, all of whom influence IT policies and take part in evaluating security risks. The survey covered businesses of all sizes, and featured a wide range of topics relating to IT security, including wider business risks, actions taken to protect the business, and incidents that have occurred.

“Nearly 50% of businesses see cyber threats as one of the top three developing risks. They also view damage to brands, espionage, and intellectual property theft as wider risks resulting from a security breach as paramount.”

He said alongside this, companies of all sizes have to deal with an increasing number of Internet-enabled devices, the endpoints of which mostly connect to the Internet, particularly within corporate environments. Moreover, 75% of all companies globally expect an increase in the number of devices in the next year.

According to Erofeev, a significant number of businesses have already become victims of cyber crime, including targeted attacks, events of corporate espionage and loss of sensitive intellectual property. “This led to the conclusion that cyber threats have become much more important for business, which was confirmed by 46% of the organisations.

“Nearly 60% of organisations believe themselves to be well-equipped against cyber threats, although smaller businesses reported a lower level of confidence. Nearly 50% of the businesses surveyed said they have experienced an increase in the number of cyber attacks against them over the course of the last year.”

He said companies also reported they were concerned that cyber attacks may involve organised criminal gangs and were worried about government interference.

“As a result, prevention of IT security breaches was the top concern in all regions among IT staff.”

Erofeev said over the last year, 91% of companies experienced at least one IT security event from an external source. “The most common threat comes in the form of viruses, spyware and other malware; 31% of malware attacks resulted in some form of data loss, with 10% of companies reporting loss of sensitive business data. The second most frequent accident is network intrusion, with 44% of organisations reporting a security issue related to vulnerabilities in existing software.

“Eighteen percent of businesses also reported intentional leaks or data being shared by staff. Loss of sensitive data occurred in almost 50% of these cases.”

Speaking of loss of financial data, he said security breaches most frequently result in this, followed by personal customer information, intellectual property, and employee information.

He added that the report revealed that levels of sensitive data loss are much higher in developing markets. “Twelve percent of organisations experienced a loss of payment information, but in emerging markets 19% reported such an incident.”

Erofeev said that although there is a high level of awareness of risks and threats, every second company evaluated its IT security budget as insufficient, with a 25% increase in funding seen as necessary.

“In addition, anti-malware protection, a vital element of business security, is implemented only in 70% of businesses. This has resulted in most companies having experienced some sort of security breach in the last year, with a third of these companies having lost data.

“Strong IT security across the entire business is vital to avoid major damage to a company. The number of cyber threats, including targeted attacks, could result in more than data loss; a business' image and reputation could be damaged, a major concern for most organisations.”