Human error responsible for 60 per cent of IS breaches

CIOL Bureau

OAKBROOK TERRACE: Organizations are doing little to address the most serious threat to their information security and technology infrastructure, according to new research released today by the Computing Technology Industry Association (CompTIA).

Human error was responsible for nearly 60 percent of information security breaches experienced by organizations over the last year, according to the fourth annual CompTIA study on information security and the workforce. That figure is significantly higher than one year ago, when 47 percent of security breaches were blamed on human error alone.

Despite the prominent role that human behavior plays in information security breaches, just 29 percent of the 574 organizations that participated in the survey said that security training is a requirement at their company. Only 36 percent of organizations offer end-user security awareness training.

"The primary cause of security breaches - human error - is not being adequately addressed," said Brian McCarthy, chief operating officer, CompTIA. "The person behind the PC continues to be the primary area where weaknesses are exposed."

The CompTIA study found that antivirus software is nearly universal (96 percent penetration), and the vast majority of organizations utilize firewalls and proxy servers (91 percent). Disaster recovery plans, intrusion detection systems and written information security policies are also popular measures.

"As we get better from a technology standpoint, many organizations seem to believe that technology solutions alone are sufficient to turn back all attacks, and a level of complacency may be setting in," McCarthy said. "The fact remains that no technology on its own can be completely successful without an equally strong commitment to information security awareness and training throughout every level of the organization," he added.

A lack of user awareness, browser-based attacks and remote access were the next most frequently mentioned security problem areas. The most severe security breaches were reported by large organizations (7,000 or more employees) and educational institutions.

Some organizations reported a financial impact above $50,000 for security breaches, showing that while a "garden variety" breach may be little more than an inconvenience, the potential for serious harm is always present.