Kaspersky Lab, a leading developer of secure content and threat management solutions, revealed in a recent global study that curtailing access to certain sites and blocking the launch of third-party applications are the most popular ways for employers to ensure IT security.
The study, titled Global IT Security Risks: 2012, showed that companies are most likely to restrict access to online games, with 71 percent of the IT professionals surveyed saying this was part of their strategy.
Slightly less popular methods include restricting or banning social networking sites – a measure mentioned by 68 percent of those surveyed. From this, it’s possible to conclude that IT specialists risk focusing more on employees’ performance than on infrastructure security.
The study was carried out in partnership with B2B International in July 2012. It aims to find out the opinions of IT professionals in medium-sized to large enterprises regarding corporate security solutions, determine their level of knowledge of current threats, and look at how they evaluate risks.
Kaspersky Lab surveyed more than 3,300 senior IT professionals from 22 countries. All respondents had an influence on IT security policy, and a good knowledge of both IT security issues and general business matters.
The results also covered measures which are directly related to infrastructure security and data safety. For example, 50 percent of companies have restricted or prohibited the use of file exchange services, and 47 percent have enforced similar rules for connecting external devices to work computers.
More worryingly, though, 43 percent of IT specialists have already faced deliberate or accidental data leakage due to employee actions. This significant figure suggests there is insufficient control in terms of storing and communicating corporate information.
The study also noted that any bans or restrictions should be applied beyond workstations within the corporate network and should cover other computers, such as corporate laptops, which can be connected to public Wi-Fi networks.
Kaspersky Lab suggests the following recommendations, some of which can be easily implemented, to protect businesses against digital threats.
* Data encryption — Confidential data leaks are one of the biggest challenges facing all companies. Kaspersky Lab strongly recommends partial or complete encryption of data as an additional layer of security. Even if a device ends up in the wrong hands or a malware attack is successful, a cybercriminal that gains access to files that have been encrypted will not be able to see their contents.
* Paying particular attention to personal devices — Many employees at both large and small companies use personal devices, usually mobile, to connect to the corporate network and work with confidential information. Sometimes these devices are not sufficiently protected, which can lead to data loss. For employees, the use of personal devices for handling corporate data is so natural that they don’t even think about the dangers. That’s why the company needs to implement a security policy that covers the use of both personal and corporate mobile devices for work-related tasks.
* Be prepared for targeted attacks — Although targeted attacks are not as common a threat as worms and Trojans, in the future the number of attacks targeting the infrastructure of specific companies will grow. One-third of those surveyed believe that their company will eventually be attacked with highly unpredictable consequences. We recommend putting measures into place now for combating targeted attacks, and in particular paying more attention to proactive protection methods designed to prevent threats rather than dealing with the consequences.
* Educating staff — The survey showed that a significant number of key specialists don’t know anything about the cyber-threats they are expected to combat. This is compounded by a low level of computer literacy among employees, which can lead to a company’s IT infrastructure being infected or confidential information being leaked. That is why teaching company personnel all the basics of IT security is no less important than installing the latest security software.