Tech

Human error responsible for 60 per cent of IS breaches

CIOL Bureau

13 Apr 2006 00:00 IST

Updated On 13 Apr 2006 05:17 IST

New Update

OAKBROOK TERRACE: Organizations are doing little to address

the most serious threat to their information security and technology

infrastructure, according to new research released today by the Computing

Technology Industry Association (CompTIA).

Human error was responsible

for nearly 60 percent of information security breaches experienced by

organizations over the last year, according to the fourth annual CompTIA study
on information security and the workforce. That figure is significantly higher
than one year ago, when 47 percent of security breaches were blamed on human

error alone.

Despite the prominent role that human behavior plays in

information security breaches, just 29 percent of the 574 organizations that

participated in the survey said that security training is a requirement at their
company. Only 36 percent of organizations offer end-user security awareness
training.

"The primary cause of security breaches - human error - is not

being adequately addressed," said Brian McCarthy, chief operating officer,

CompTIA. "The person behind the PC continues to be the primary area where
weaknesses are exposed."

Advertisment

Read more on Security

“Any

breach of security can seriously impact an organization”

Beware

of security breach over Instant messenger!

Jack

n' Jill work in nude, security thrown to winds

Remove

complexity from security

The CompTIA study found that antivirus software

is nearly universal (96 percent penetration); and the vast majority of

organizations utilize firewalls and proxy servers (91 percent). Disaster

recovery plans, intrusion detection systems and written information security

policies are also popular measures.

"As we get better from a technology

standpoint, many organizations seem to believe that technology solutions alone

are sufficient to turn back all attacks, and a level of complacency may be
setting in," McCarthy said. “ The fact remains that no technology on its own can
be completely successful without an equally strong commitment to information

security awareness and training throughout every level of the organization," he

added.

A lack of user awareness, browser-based attacks and remote access

were the next most frequently mentioned security problem areas. The most severe

security breaches were reported by large organizations (7,000 or more employees)
and educational institutions.

Some organizations reported a financial

impact above $50,000 for security breaches, showing that while a "garden

variety" breach may be little more than an inconvenience, the potential for
serious harm is always present

tech-news