Vulnerabilities in software regularly used by employees at work are the leading cause of internal cyber-security incidents in business.

This was one of the conclusions drawn by the Global Corproate IT Security Risks 2013 survey conducted by B2B International in collaboration with Kaspersky Lab in 2013.

Vulnerabilities in legitimate software programs are a major source of corporate computer infections and critical data leakage. Approximately 35% of the survey participants in South Africa said that over the past 12 months, this had been the case at least once for their organisations.

While the number of such incidents has fallen substantially since 2011 – from 51% to 35% – it is still high. In total, approximately 85% of companies have reported internal IT security incidents, and software vulnerabilities were the single biggest cause.

The highest percentage of incidents was noted in Russia, where 51% of survey respondents were affected; 43% of companies based in Asia-Pacific encountered these issues, as did 38% of companies in North America. Japanese companies had the lowest frequency of vulnerability-related security problems at just 29%.

At the same time, 21% of survey participants in South Africa suffered data leakages involving company business and caused by vulnerabilities in corporate software, while 11% of companies locally reported leakages of critical corporate data leading to financial losses.

Vulnerabilities are ultimately the responsibility of developers, rather than companies using the software. But, regardless of who is to blame, without extra protection, the company’s IT infrastructure will remain vulnerable until software developers release updates to patch these vulnerabilities.

That’s why using a security solution with advanced technologies facilitating the detection and interception of attacks launched via software vulnerabilities is critical for any company. An advanced security solution will also help prioritise the update of software programs once vulnerabilities have been detected.