Spam has passed malware as the most common external security threat to companies, but the number of companies facing targeted attacks rose by 25 percent in the past year, according to a survey released this week by Kaspersky Labs. The IT Security Risks Survey 2014 (PDF), compiled by Kaspersky and B2B International, surveyed 3,900 employees from companies of all sizes from 27 countries, and found IT security threats to be not only evolving but growing.
Ninety-four percent of companies experienced cyber security issues in the last year, up three percent. Total damages from each data security incident also increased, by 14 percent for large companies and 12 percent for SMEs.
“In last year’s study, concern No. 1 for IT management teams was the prevention of data security breaches as a whole,” the report says. “However this year, the main concern is a more narrow and complicated task: protecting against targeted attacks. This change in priorities speaks to the fact that companies are, at the very least, developing a better understanding of what’s behind existing data security risks and how to protect themselves against specific risks, rather than the broader idea of malware in general.”
Kaspersky has raised its profile in the last few months, after warning Android and Windows phone users about fake security apps in May and publically identifying the Luuuk Trojan in June, which spawned a series of silly Star Wars jokes.
In the 2013 report, 66 percent of respondents said malware was the greatest external threat to their companies. The latest survey showed a five percent drop in malware problems, while spam was identified as a problem by 64 percent.
The top priority for the most companies is protection against confidential data leaks, which was cited by 38 percent. Companies with cybersecurity incidents lose data about internal operations 43 percent of the time, while they lose client data in 31 percent of attacks and financial data in 22 percent.
The report also indicates that threats do not apply consistently to companies of different sizes or in different sectors. Thirty-two percent of healthcare organizations were victimized by missing or stolen mobile devices, while this risk drops to 23 percent when all sectors are considered. Likewise 31 percent of “very small businesses” are addressing mobile security this year, while only 24 percent of all companies surveyed consider mobile security a top IT security priority.