More than two-fifths of companies worldwide have failed to prepare for cyber threats, a survey from security company Kaspersky Lab has revealed.
Some 41% of more than 3,300 IT professionals polled in 22 countries – including 200 in the UK – said their corporate infrastructure lacked the necessary protection to handle online attacks.
Nearly half of respondents said their companies were insufficiently protected against the theft of intellectual property and 51% were sure their system protection infrastructure would be powerless in the face of a serious attempt at industrial espionage.
Over the past year, several targeted cyber attacks have led IT specialists to start taking the issue seriously. The survey showed 11% of respondents believe the threat will be their main concern in the future. One third of specialists are sure their companies will be attacked.
Many IT professionals blamed budget constraints, a lack of understanding among senior managers about their department’s objectives and goals and an insufficient number of trained personnel.
Kaspersky Lab said employee awareness is a crucial factor in the battle against modern malware and its potential consequences. But 31% of respondents said they were not fully aware of the latest Trojans, nor of the means used to conduct targeted attacks on companies.
Only 27% of business representatives had heard about Stuxnet. Even fewer (13%) knew about the Trojan Duqu, designed for the targeted collection of confidential data.
Kaspersky Lab said knowledge among IT professionals about modern threats is as vital as training employees in the rules of computer security.
Deploying systematic security policies and ensuring compliance also helps to protect businesses against the careless activities of employees, Kaspersky Lab said.
The part of the survey that dealt with security policies for mobile devices showed one-third of companies allow their employees to use them with full access to the corporate network and its resources.
“By doing so, they are creating a gaping hole in their security,” the Kaspersky's report said.
When it comes to corporate security policies for personal devices, the findings are not very encouraging either, the Kaspersky report said. Only 9% plan to introduce tough restrictions for personal devices.
Based on the findings of the survey, the research report recommends four areas of action:
31 Aug 2012