85% of organisations in South Africa experienced an internal information security incident last year, some of which led to sensitive data loss, according to the Global Corporate IT Security Risks 2013 survey carried out by the B2B International research agency and Kaspersky Lab. The survey found that the most common types of internal threats are: vulnerabilities or flaws and Loss/theft of mobile devices by staff.
Most companies around the globe understand the importance of IT security preventive measures and implement them to varying degrees. In order to minimize internal security risks, 52% of the organisations surveyed in South Africa have network structures that, for example, separate mission-critical networks from other networks and 66% use different levels of access privilege to IT systems.
However, many companies admit that existing measures are insufficient and some are increasingly implementing new security solutions which could enforce policies and provide additional protection from data loss.
For instance, less than half the companies surveyed locally use application control, device control or an anti-malware agent for mobile devices. Even fewer organisations in South Africa have implemented a Mobile Device Management solution (18%) or encryption on removable devices (32%).
Another problem is that employees do not always comply with existing corporate security policies, and less than half of the companies locally (41%) have clearly outlined sanctions and disciplinary procedures for when IT security policies are breached. Meanwhile, 43% of the companies surveyed feel that security policies are valued by the staff.