Information Security:
2016 in Review

SearchInform experts prepared an annual research on the information security level in the companies of the CIS countries. The data for the research was collected during the series of the Road Show SearchInform 2016 conferences ‘Insider: Detect and Neutralize’. The event gathered 3,057 information security experts and other experts from 23 CIS cities.

COMPANY PROFILE

Sphere:

16%
Information
technology
6%
Retail
6%
Government
3%
Medicine and
health care
7%
Oil and gas
2%
Construction
2%
Law enforcement
8%
Credit and
financial sphere
21%
Industry and
transportation
2%
Hospitality
3%
Fuel
24%
Other (production, aviation, etc.)

Staff:

up to 100 employees
27%
100-500 employees
36%
500-1000 employees
12%
1000-1500 employees
7%
over 1500 employees
17%

DATA LEAKAGES AND
THEFT ATTEMPTS

 
49%
of the companies in the CIS faced confidential data leakages in 2016. This rate is 3% less than it was last year
17%
of the companies managed to
prevent data theft attempts

CIS COMPANIES MOSTLY USED TO LOSE:

25%
 
 
Data about
clients and deals
18%
 
 
Commercial
secret
18%
 
 
Technical
information
15%
 
 
Personal
data
12%
 
 
Data
about partners
9%
 
 
Internal
accounting

PORTRAIT OF INSIDER

In 2016, it was mostly common employees (52%) who were trying to steal confidential data. As a comparison: last year, around 30% of thefts were committed by managers.

52%
Common
employees
14%
Management
10%
Accountants,
economists and
financial experts
7%
Insiders
6%
Executive
assistants,
secretaries
6%
System
administrators
1%
Contractor
 
It is also known that ex-employees regardless
of their position are in the risk group: while leaving
the job, some of them steal information to take revenge,
others steal it to gain a new employer’s favour.
47%
of the CIS companies
caught their ex-employees
in data theft

WHO PROTECTS

At present, the rate of information security experts, who are in charge of information security, has been steadily increasing. And in 2015, this rate amounted only up to 22%.

44%
 
 
IT departments
42%
 
 
Information security departments
14%
 
 
Management
63%
of employees of information
security departments have
field-specific education

HOW THEY PROTECT

34%
of the CIS companies do not secure their sensitive data
 

WHAT THEY PROTECT

In 2016, more CIS companies started monitoring documents sent to print: this rate increased by 3%. Otherwise, companies started paying less attention to popular data channels:

Email
29% (-4%)
External devices
20% (-1%)
Documents sent to print
12% (+3%)
Instant messengers
11% (-3%)
Skype
8%
Cloud services
7%
 

Some companies consider that the best way to prevent data leakages over particular channels is to block them. 53% of the companies do so. Among the channels, cloud services (blocked by 5% of the respondents), entertainment websites (5%) and anonymizers (1%) are of the least concern to employers. The top three channels to be blocked are

49%
 
 
Social networks
32%
 
 
Messengers
8%
 
 
Email
47%
of the companies consider that
channels blocking won’t stop
an insider, and leave all channels open,
choosing rather to control them

EMPLOYEES
AND INFORMATION SECURITY

75% of the CIS companies instruct on information security rules. Last year, employees in 72% of the companies were instructed on information security.

86%

of the CIS companies suggest that their employees sign
a non-disclosure agreement.

What penalties are applied to an employee who let a breach occur?

 
Dismissal
35%
Deprivation of bonuses/fine
27%
Reprimand
26%
No penalties
8%
Other *
2%
 

* Other variants: limiting access to information, dismissal after a second incident,
disciplinary penalties by the management decision, etc.

LIABILITY OF PARTIES

In 2016, the CIS companies started informing more often about incidents. A year back, it was 11% of the companies that used to do this.

 

HOW IMPORTANT IS PROTECTION??

40%

of the companies assess importance
of confidential data protection with
a score of 10 out of 10 points



 

16% - 5 out of 10 points

14% - 8 out of 10 points

12% - 7 out of 10 points