Kasperky: Global Corporate IT Security Risks 2013 survey

85% of organizations worldwide experienced an internal information security incident last year, some of which led to sensitive data loss, according to the Global Corporate IT Security Risks 2013 survey carried out by the B2B International research agency and Kaspersky Lab. The survey found that the three most common types of internal threats are: vulnerabilities or flaws in existing software, accidental leaks of data due to human error, and the loss or theft of mobile devices.

Most companies around the globe understand the importance of IT security preventive measures and implement them to varying degrees. In order to minimize internal security risks, half of the organizations surveyed have network structures that, for example, separate mission-critical networks from other networks and 52% use different levels of access privilege to IT systems.

However, many companies admit that existing measures are insufficient and some are increasingly implementing new security solutions which could enforce policies and provide additional protection from data loss. For instance, less than half the companies surveyed use application control, device control or an anti-malware agent for mobile devices. Even fewer organizations have implemented a Mobile Device Management solution (24%) or encryption on removable devices (33%).

Another problem is that employees do not always comply with existing corporate security policies, and less than half of companies (46%) have clearly outlined sanctions and disciplinary procedures for when IT security policies are breached. Meanwhile, just under half (48%) of the companies polled feel that security policies actually bring any value to the staff.

Five ways CIOs can improve IT security

IT security is a difficult issue, especially with the topic gaining unprecedented exposure in the press as of late. Here are five pragmatic and quick steps you can take to increase security in your organization.
IT security is a difficult issue, especially with the topic gaining unprecedented exposure in the press as of late. Not only do you have to worry about nefarious governments and freelance hackers, but now must add government agencies like the NSA and even organized crime to the list of security concerns. Budget discussions are no longer simple matters of dollars and cents, but questions about the very security of your company’s proprietary, financial, and customer information. So what are some pragmatic and quick steps you can take to increase security?

IT Security From The Eyes Of Data Scientists

Enterprises will increasingly employ data science experts to help drive security analytics and risk mitigation

 As IT security leaders try to base more of their day-to-day decisions on statistical analysis of relevant data coming from IT infrastructure and business processes, they’re running into a skills and resource gap. Often security teams have lots of specialists with deep technical knowledge of attack techniques and trends, but they frequently lack the skills to aggregate and manipulate data in order to draw meaningful conclusions from statistical trends.