OAKBROOK TERRACE: Organizations are doing little to
address the most serious threat to their information security and technology
infrastructure, according to new research released today by the Computing
Technology Industry Association (CompTIA).
Human error was responsible for nearly 60 percent of information security
breaches experienced by organizations over the last year, according to the
fourth annual CompTIA study on information security and the workforce. That
figure is significantly higher than one year ago, when 47 percent of security
breaches were blamed on human error alone.
Despite the prominent role that human behavior plays in information security
breaches, just 29 percent of the 574 organizations that participated in the
survey said that security training is a requirement at their company. Only 36
percent of organizations offer end-user security awareness training.
"The primary cause of security breaches - human error - is not being
adequately addressed," said Brian McCarthy, chief operating officer,
CompTIA. "The person behind the PC continues to be the primary area where
weaknesses are exposed."
The CompTIA study found that antivirus software is nearly universal (96 percent
penetration); and the vast majority of organizations utilize firewalls and proxy
servers (91 percent). Disaster recovery plans, intrusion detection systems and
written information security policies are also popular measures.
"As we get better from a technology standpoint, many organizations seem to
believe that technology solutions alone are sufficient to turn back all attacks,
and a level of complacency may be setting in," McCarthy said. “ The fact
remains that no technology on its own can be completely successful without an
equally strong commitment to information security awareness and training
throughout every level of the organization," he added.
A lack of user awareness, browser-based attacks and remote access were the next
most frequently mentioned security problem areas. The most severe security
breaches were reported by large organizations (7,000 or more employees) and
educational institutions.
Some organizations reported a financial impact above $50,000 for security
breaches, showing that while a "garden variety" breach may be little
more than an inconvenience, the potential for serious harm is always present.
Human error responsible for 60 per cent of IS breaches
New Update