Kaspersky Lab, a leading developer of secure content and threat management solutions, revealed in a recent global study that keeping off certain sites and blocking the launch of third-party applications are the most popular ways of employers to ensure IT security.
The study titled Global IT Security Risks: 2012 showed that companies are most likely to restrict access to online games, with 71% of the IT professionals surveyed saying this was part of their strategy.
Slightly less popular methods include restricting or banning social networking sites – a measure mentioned by 68% of those surveyed. From this, it’s possible to conclude that IT specialists risk focusing more on employees’ performance rather than infrastructure security.
The study was carried out in partnership with B2B International in July 2012. It aims to find out the opinions of IT professionals in medium-sized to large enterprises regarding corporate security solutions, determine their level of knowledge of current threats, and look at how they evaluate risks.
Kaspersky Lab surveyed more than 3,300 senior IT professionals from 22 countries. All respondents had an influence on IT security policy, and a good knowledge of both IT security issues and general business matters (finance, HR, etc.).
The results also covered measures which are directly related to infrastructure security and data safety. For example, 50% of companies have restricted or prohibited the use of file exchange services, and 47% have enforced similar rules for connecting external devices to work computers.
More worryingly, though, 43% of IT specialists have already faced deliberate or accidental data leakage due to employee actions. This significant figure suggests there is insufficient control in terms of storing and communicating corporate information.
Of this figure, 42% percent of the respondents said that cybercrime will become a bigger concern in the next two years. This is more than likely to happen considering the increasing number of malicious programs and the emergence of new types of attack. Half as many of the professionals surveyed believed there would be an increase in other IT risks: intellectual property theft and industrial espionage scored 19% each, while those foreseeing future risks coming from computer fraud amounted to 16% of the respondents.
Among the other IT security risks cited were intellectual property theft (31 percent), computer fraud (26 percent) and industrial espionage (24 percent).
The study also said that it’s important to remember that any ban or restrictions should be applied beyond workstations within the corporate network and cover other computers such as corporate laptops which can be connected to public Wi-Fi networks.
In the report, corporate security policies are ineffective and dedicated software is needed. Such solutions are available as part of Kaspersky Endpoint Security 8 for Windows. Its Web Control module allows system administrators to block or restrict access to certain websites, social services and online games.
These can be blocked automatically, or according to manually specified criteria or blacklists. WebControl makes it possible to introduce separate security policies for different user groups as well as flexibly restrict access to certain resources during work and non-work time.
Jimmy Fong, Channel Sales Director for Kaspersky Lab Southeast Asia, said that the survey is an indication of the direction towards IT security among medium-to-large corporations in a global scale. “The surprising figures have changed little over the previous year’s survey, which indicates that there is still a lot of work to do in informing corporations about up and coming threats, the damage these threats will create on companies’ network and data, as well as the policies needed to be placed to ensure security.”
“Any company in the Philippines has to be absolutely prepared to face these security issues if they are serious in pursuing their business goals,” said Fong.
Kaspersky Lab suggests the following set of recommendations to protect business against digital threats, some of which can be easily implemented.
* Data encryption — Confidential data leaks are one of the biggest challenges facing all companies. Kaspersky Lab strongly recommends partial or complete encryption of data as an additional layer of security. Even if a device ends up in the wrong hands or a malware attack is successful, a cybercriminal that gains access to files that have been encrypted will not be able to see their contents.
* Paying particular attention to personal devices — Many employees at both large and small companies use personal devices, usually mobile, to connect to the corporate network and work with confidential information. Sometimes these devices are not sufficiently protected which can lead to data loss. For employees, the use of personal devices for handling corporate data is so natural that they don’t even think about the dangers. That’s why the company needs to implement a security policy that covers the use of both personal and corporate mobile devices for work-related tasks.
* Be prepared for targeted attacks — Although targeted attacks are not as common a threat as worms and Trojans, in the future the number of attacks targeting the infrastructure of specific companies will grow. One-third of those surveyed believe that their company will eventually be attacked with highly unpredictable consequences. We recommend putting measures into place now for combating targeted attacks, and in particular paying more attention to proactive protection methods designed to prevent threats rather than dealing with the consequences.
* Educating staff — The survey showed that a significant number of key specialists don’t know anything about the cyber-threats they are expected to combat. This is compounded by a low level of computer literacy among employees which can lead to a company’s IT infrastructure being infected or confidential information being leaked. That is why teaching company personnel all the basics of IT security is no less important than installing the latest security software.