Study: 40% Saudi Companies Have Suffered Information Security Breaches

Posted in

A study involving 5,500 IT professionals from 26 countries around the world, including the Kingdom, revealed that 40% of companies operating in the Kingdom have been affected by breaches of their internal information security, The study, conducted by Kaspersky Lab, showed that employees of these companies were the main cause of confidential data loss.

Globally, 21% companies were affected by internal breaches that led to the loss of valuable data, which subsequently had a negative impact on their operations, The survey also revealed instances of accidental data leaks (affecting 10% of companies in the Kingdom) and international leaks of important and valuable corporate data (affecting 7% of companies in the Kingdom). Internal threats were not limited to data leaks but also included the loss and theft of employees“ mobile devices. 19% of respondents confirmed that they lose at least one mobile device containing company data at least once a year.

The study attributed the breaches to the presence of new components that create new security vulnerabilities. Compounding the situation is the fact that employees—especially those lacking specialized IT knowledge—are unable to keep pace with the ever-changing IT environment. As a result, the company is exposed not only to external threats but also to internal threats originating from employees.

The study called for strengthening comprehensive security, as reliable multi-layered protection will prevent the company from incurring additional costs resulting from external or internal security breaches, and in particular, the use of all technological solutions designed to combat phishing and encryption attacks and to protect mobile devices, virtual infrastructure, and financial transactions—reliable, targeted security protection for individual nodes distributed across the company’s IT architecture— The implementation of various security policies, along with specialized services—such as breach investigations, independent assessments of the company’s IT infrastructure, and employee training—will help mitigate the risks of potential attacks.