Human Factor in IT Security Totally Underestimated

Nov 14, 2013 (Thu): 85% of organizations worldwide experienced an internal information security incident last year, some of which led to sensitive data loss, according to the Global Corporate IT Security Risks 2013 survey carried out by the B2B International research agency and Kaspersky Lab. The survey found that the three most common types of internal threats are: vulnerabilities or flaws in existing software, accidental leaks of data due to human error, and the loss or theft of mobile devices.

Most companies around the globe understand the importance of IT security preventive measures and implement them to varying degrees. In order to minimize internal security risks, half of the organizations surveyed have network structures that, for example, separate mission-critical networks from other networks and 52% use different levels of access privilege to IT systems.

However, many companies admit that existing measures are insufficient and some are increasingly implementing new security solutions which could enforce policies and provide additional protection from data loss. For instance, less than half the companies surveyed use application control, device control or an anti-malware agent for mobile devices. Even fewer organizations have implemented a Mobile Device Management solution (24%) or encryption on removable devices (33%).

Another problem is that employees do not always comply with existing corporate security policies, and less than half of companies (46%) have clearly outlined sanctions and disciplinary procedures for when IT security policies are breached. Meanwhile, just under half (48%) of the companies polled feel that security policies actually bring any value to the staff.

Kaspersky Lab has tailored a complex security solution Kaspersky Endpoint Security for Business, a platform which delivers a broad array of tools and technologies to enable companies to control and protect all endpoint devices. In terms of preventing internal threats it provides a strong encryption algorithm to protect sensitive business information, application control, device control, web control features and mobile device management to enforce IT security policies.

Moreover, the Global Corporate IT Security Risks 2013 survey results demonstrate that small and medium-sized businesses worldwide have an even lower level of security solution implementation than enterprise-sized companies. For the ‘very small business’ segment Kaspersky Lab has just launched a new version of Kaspersky Small Office Security, which is designed specifically for businesses with fewer than 25 employees. This Kaspersky Lab solution provides effective protection from all types of Internet threats and helps maintain productivity in the workplace with simple web policies that can control employee access to social networks, online games, or other websites during working hours. Kaspersky Small Office Security also enables business owners to limit file downloads and block access to various applications, keeping the business safe from malware disguised as a legitimate program.

Author: Terry KS

Share This Post On