A new report from Kaspersky Lab revealed that company employees are among the leading cyberthreats to North American companies.
According to the “Business Perception of IT Security: In the Face of an Inevitable Compromise” report, 20 percent of businesses worldwide experienced four or more data breaches in the last 12 months, while North American businesses suffered double the global amount at 44 percent.
Enterprises in North America said careless/uninformed employee actions (59 percent) and phishing/social engineering (56 percent) were the largest drivers of the serious data breaches they experienced.
“The survey results indicate the need for a different view on the growing complexity of cyberthreats,” Veniamin Levtsov, vice president of enterprise business at Kaspersky Lab, said in a press release.
“The key point here is that threats are not necessarily getting more sophisticated. It’s the growing attack surface that requires more diverse set of protection methods. This makes matters even more complicated for IT security departments. The most important finding is the companies’ points of vulnerability: threats like employee carelessness and data exposure due to inappropriate sharing of device theft.”
Fifty-two percent of businesses in North America that responded to the survey admitted to being least prepared and protected for mobile security threats.
Levtsov explained that, in order to overcome these challenges, companies must require better employee awareness and regular training.
“Adding targeted attacks, issues related to cloud services and IT outsourcing to the context reveals a need for an integrated approach: well-proven technologies to prevent widespread cyberthreats; intelligent systems to analyze the workflow, detect potential weak points and targeted attacks; security expertise, awareness and training to address a company’s general resistance towards current and potential threats,” he added.
Cybersecurity experts have long warned about the risks posed by insider threats — usually posed by privileged users, such as system administrators, database administrators and managers, who have access to sensitive company information.
The “Insider Threat Report,” released last year, found that 59 percent of cybersecurity professionals said these privileged users represent the biggest risk to organizations, closely followed by contractors and consultants (48 percent) and then regular employees (46 percent).
Whether insider threats are implemented deliberately or happen inadvertently through the actions of those with access to valuable data, an organization may put itself more at risk by not having the appropriate systems in place.