Loss or exposure of sensitive data is the worst outcome of a cybersecurity incident, but only 53,9% of South African businesses agree that they have to be better prepared for an inevitable security compromise.
This fact emerged from the latest Kaspersky Lab report, “Business Perception of IT Security: In the Face of an Inevitable Compromise”, based on the 2016 Corporate IT Security Risks survey.
Despite the evident threat of cyberattacks, the survey revealed mixed views on the state of protection and strategic mitigation approaches, exposing key weaknesses and vulnerabilities to existing and emerging threats. All companies today are faced with cyberattacks in some form or another, and in the last 12 months, 53.9% of local businesses experienced data loss as a result of a breach. For large businesses globally, one in five (20%) reported four or more data breaches during the period.
Kaspersky Lab’s 2016 worldwide survey focused on comparing the perception of security threats with the reality of cybersecurity incidents experienced, to highlight potential points of vulnerability beyond the usual suspects of malware and spam. Key emerging threats were well represented among businesses globally: 32% of companies had experienced a targeted attack and 20% had experienced an incident involving ransomware. Another serious threat which was exposed by the survey is the carelessness of employees: this vector contributed to a security incident in almost half (43%) of the companies.
However, when asked about where they feel particularly vulnerable, a different set of challenges emerged. The top three most difficult threats globally to manage include: inappropriate sharing of data via mobile devices (54%); physical loss of hardware exposing sensitive information (53%); and inappropriate use of IT resources by employees (50%). This is followed by more emerging challenges such as the security of third-party cloud services, IoT threats, and security issues associated with outsourcing of IT infrastructure. The difference between perception and reality hints at the need for security strategies which go beyond just prevention and, in a broader context, technology.
Veniamin Levtsov, vice-president, enterprise business at Kaspersky Lab, comments: “The survey results indicate the need for a different approach to tackling the growing complexity of cyberthreats. The difficulties come not necessarily from the sophistication of attacks, but the growing attack surface that requires a more diverse set of protection methods. This makes matters even more complicated for IT Security departments who have more points of vulnerability to lock down; and employee carelessness adds up to the grim reality of the modern threat landscape. A truly efficient strategy therefore requires a combination of security technology, the analysis of external and internal cyber threat intelligence, constant monitoring, and the application of best practice for incident response”.