Main cause of security incidents down to employees
Employee error is one of the main causes of internal IT security incidents leading to leakage of confidential corporate data, according to the findings of a survey conducted by B2B International and Kaspersky Lab.
Although vulnerabilities in software used by company staff in their daily duties is one of the top reasons behind internal IT security incidents (with 39% of companies reporting this issue), the volume of different types of incidents taking place due to staff errors is equally high, the report survey found.
Four out of five types of internal IT security incidents that took place within companies were closely related to erroneous employee actions.
Approximately 32% of respondents reported leaks that took place as a result of employee mistakes. A slightly lower number of companies – 30% – reported incidents where the employee was at fault over the loss or theft of mobile devices. 19% of the companies participating in the survey reported that employees were involved in intentional leaks. 18% reported incidents that were caused by incorrect use of mobile devices (via mobile email clients or text messaging).
At the same time, an average of 7% of respondents reported that employee actions were the cause of leakages of critically confidential information relating to company operations. Most commonly, leakages of critically sensitive data occurred when employees were responsible for the loss or theft of mobile devices with 9% of respondents reporting these types of incidents.
"These types of incidents can be eliminated – or at least the risk can be minimised – by implementing a set of measures including educating employees about IT threats and developing, putting into place, and overseeing the enforcement of appropriate security policies within the company. Another preventative action to consider is the use of specialised security solutions, such as Kaspersky Endpoint Security for Business", commented David Emm, senior security researcher at Kaspersky Lab.
Read David Emm’s thoughts on dealing with security breaches here.