If North American enterprises ever had any doubt they are the prime targets of cyber attackers, a new Kaspersky report should erase them.
According to the report, based on a global survey of more than 4,000 business representatives from 25 countries, nearly half (44 percent) of North American responding firms with 1,000 or more employees suffered four or more data breaches in the past 12 months. That’s double the amount that businesses worldwide suffered (20 per cent).
It wasn’t clear from the report how many North American companies from that 4,000 were surveyed, or how many of that subset were enterprises.
On the other hand the survey results showed 32 per cent of North American businesses experienced a data loss due to a cybersecurity incident, significantly lower than worldwide (43 per cent.)
“The survey results indicate the need for a different view on the growing complexity of cyberthreats,” Veniamin Levtsov, vice president, enterprise business at Kaspersky Lab, said in a release. “The key point here is that threats are not necessarily getting more sophisticated. It’s the growing attack surface that requires more diverse set of protection methods. This makes matters even more complicated for IT security departments.
“The most important finding is the companies’ points of vulnerability: threats like employee carelessness and data exposure due to inappropriate sharing of device theft. Such challenges cannot be addressed by a technology or algorithm, instead they require better employee awareness and regular training. Adding targeted attacks, issues related to cloud services and IT outsourcing to the context reveals a need for an integrated approach: well-proven technologies to prevent widespread cyberthreats; intelligent systems to analyze the workflow, detect potential weak points and targeted attacks; security expertise, awareness and training to address a company’s general resistance towards current and potential threats.”
The report puts it more bluntly: “We are confident that 99 per cent of security threats can be repelled by highly efficient, automated, intelligent software technologies. The remaining one percent requires not technology, but a new mind set” of employees.
Asked to break down the top causes of data leakage, globally respondents blamed careless/uninformed employees for 19 per cent of the breaches, phishing/social engineering for 16 per cent, while accidental loss of hardware and crypto-malware/ransomware each tied at 12 per cent. Viruses/malware/trojans tied with Exploits and/or losses through mobile device sat 10 per cent.
Among the findings only half of both global and North American respondents agreed with the statement “We now assume our IT security will be compromised at some point and we need to be prepared. Why more don’t agree with that isn’t explained. Similarly, roughly half of respondents agreed that “We need to improve our incident response plans for data breach/ IT security events.”
The global and North American versions of the survey are available here. Registration is required.