Survey: Major security breaches usually due to human error

Shawna McAlearney, News Writer

Major security breaches, defined by a survey "as one that caused real harm, resulted in confidential information taken or interrupted business," are slowly increasing and are most often attributed to human error (47%), rather than technical problems. The survey found 80% of respondents believe that human errors or mistakes were caused by a lack of IT security knowledge, a lack of training or a failure to follow security procedures.

A survey of 896 Computing Technology Industry Association (CompTIA) members and IT security professionals last December indicated that 39% experienced one to three major security breaches in the previous six months, an increase of 8% over its study a year ago. Respondents were from government, IT, financial and education sectors, among others.

Attacks by malicious code (68.6%) were the security issue most commonly mentioned by respondents this round. CompTIA said network intrusion -- the second-most commonly faced issue in 2002 -- is much less common now (dropping from 65.1% in 2002 to 39.9% in 2003). Browser-based attacks may be an emerging threat, rising from 25% to 36.8%.

CompTIA found that 80% of respondents attribute the breaches to a lack of IT security knowledge, a lack of training or a failure to follow security procedures. Nearly 1 in 5 of those surveyed reported that none of their IT staff have any formal security training.

Half (49%) of those surveyed don't have a written security policy. Of those who have a policy, 7% say that director-level or higher staff never review it and 9% indicate that director-level or higher staff never update it.

Some 80% of respondents who have invested in security training believe their security has improved; 70% say the same of certification. Reported improvements include enhanced potential risk identification, increased awareness, improved security measures and a generalized ability to respond more rapidly to problems.

According to CompTIA, those who have 25% or more of their IT staff trained in security are less likely (46.3%) to have had a security breach than those with less than 25% of their IT staff trained in security (66%).
