Accidental data leaks by staff now a primary security weak point
According to a new Kaspersky Lab survey, over a quarter of organisations have suffered from data loss in the past year, with internal IT threats behind the majority of data loss in business and infrastructure environments
Short of time?
For the first time, accidental data sharing by staff now loses more data than software vulnerabilities, according to the latest in an ongoing survey from security firm Kaspersky.
According to the global survey of IT professionals, accidental data leaks by staff, which were reported by 29% of all businesses, are the second most-commonly reported internal threat and are now the biggest source of lost data. 20% of all businesses reported losing data from a software vulnerability incident, while 22% reported losing data from an accidental leak by staff. This suggests that businesses are slowly winning their struggle with software vulnerabilities, but data loss is growing in other areas of businesses.
27% of all businesses reported having lost sensitive business data due to internal IT threats in the past year. The survey found a 9% drop in reported software vulnerabilities encountered amongst medium, large and enterprise businesses.
The same group also reported a 5% decrease in data loss resulting from software vulnerabilities. On the other hand, reports of accidental data leaks by staff have remained steady during that time period, while the amount of lost data attributed to accidental data leaks by staff has increased by 2%, making accidental data leaks the top internal threat responsible for lost data.
The report stressed the need for companies need to boost the level of data security awareness among employees in order to prevent data leaks.
'In particular,' it said, 'this means building a stronger understanding of working with and handling corporate information stored on mobile devices.'
'Security policies setting out an employee's responsibilities and accountability when it comes to the disclosure of confidential information is yet another action that can considerably boost the level of corporate data security.'