Survey: Major security breaches usually due to human error

Major security breaches are on the rise and most often attributed to human error, rather than technical problems, according to a recently released survey by an IT industry group.

Major security breaches, defined by the survey "as one that caused real harm, resulted in confidential information taken or interrupted business," are slowly increasing and are most often attributed to human error (47%), rather than technical problems. The survey found 80% of respondents believe that human errors or mistakes were caused by a lack of IT security knowledge, a lack of training or a failure to follow security procedures.

A survey of 896 Computing Technology Industry Association (CompTIA) members and IT security professionals last December indicated that 39% experienced one to three major security breaches in the previous six months, an increase of 8% over its study a year ago. Respondents were from government, IT, financial and education sectors, among others.

Attacks by malicious code (68.6%) were the security issue most commonly cited by respondents this round. CompTIA said network intrusion -- the second-most commonly faced issue in 2002 -- is much less common now (dropping from 65.1% in 2002 to 39.9% in 2003). Browser-based attacks may be an emerging threat, rising from 25% to 36.8%.

CompTIA found that 80% of respondents attribute the breaches to a lack of IT security knowledge, a lack of training or a failure to follow security procedures. Nearly 1 in 5 of those surveyed reported that none of their IT staff have any formal security training.

Half (49%) of those surveyed don't have a written security policy. Of those who have a policy, 7% say that director-level or higher staff never review it and 9% indicate that director-level or higher staff never update it.

Some 80% of respondents who have invested in security training believe their security has improved; 70% say the same of certification. Reported improvements include enhanced potential risk identification, increased awareness, improved security measures and a generalized ability to respond more rapidly to problems.

According to CompTIA, those who have 25% or more of their IT staff trained in security are less likely (46.3%) to have had a security breach than those with less than 25% of their IT staff trained in security (66%).
