Personal mobile devices ‘one of the main’ computer security hazards for business

Nearly one in five firms surveyed reported they experienced a theft of mobile devices, such as cellphones and tablet computers, while 5% reported a loss of sensitive data due to theft of mobile devices.

Moscow-based computer security vendor Kaspersky Lab recently announced the results of its global corporate IT security risks survey for 2013.

“Personal mobile devices used for work-related purposes remain one of the main hazards for businesses,” Kaspersky stated in the survey results, noting 65% of IT professionals surveyed “saw a threat in the Bring Your Own Device policy.”

The survey, conducted by Kaspersky and B2B International, is based on 2,895 interviews with IT professionals working in companies from 24 countries.

Twenty-one per cent reported a theft of mobile devices and 5% reported loss of sensitive data from theft of mobile devices,, while 9% reported theft of non-sensitive business data due to theft of mobile devices.

“Information leaks committed using mobile devices – intentionally or accidentally – constitute the main internal threat that companies are concerned about for the future,” Kaspersky noted.

The report included a chart displaying the percentage of respondents who experienced certain IT threats in 2011, 2012 and 2013

About two-thirds (66%) reported experiencing viruses, worms, spyware and other malicious programs, and 12% reported losing sensitive business data from viruses, worms spyware and other malicious programs.

Five per cent reported losing sensitive business data from phishing attacks while  6% reported losing sensitive business data from network intrusion or hacking.

Nearly one in five (19%) reported having experienced denial of service attacks.

About 39% of respondents said over the past year, “vulnerabilities in legitimate software programs have been a source of corporate computer infections and critical data leakage,” Kaspersky noted.

“Of the companies that reported security problems due to software vulnerabilities, 10 percent reported leakages of critical corporate data. Overall, 25 percent of survey participants suffered data leakages involving company business due to an internal security issue.”

Kaspersky also included survey data on the cost of security incidents, noting a “serious incident” can cost a large company an average of US$649,000.

“For small and medium-sized companies the bill averages at about US$50,000,” Kaspersky added.

A “successful targeted attack” can cost a large company US$2.4 million in “direct financial losses and additional costs,” Kaspersky noted in the report.