Major security breaches, defined by a survey "as one that caused real harm, resulted in confidential information taken or interrupted business," are slowly increasing and are most often attributed to human error (47%), rather than technical problems. The survey found 80% of respondents believe that human errors or mistakes were caused by a lack of IT security knowledge, a lack of training or a failure to follow security procedures.
A survey of 896 Computing Technology Industry Association (CompTIA) members and IT security professionals last December indicated that 39% experienced one to three major security breaches in the previous six months, an increase of 8% over its study a year ago. Respondents were from government, IT, financial and education sectors, among others.
Attacks by malicious code (68.6%) were the security issue respondents cited most often this round. CompTIA said network intrusion -- the second-most commonly faced issue in 2002 -- is much less common now (dropping from 65.1% in 2002 to 39.9% in 2003). Browser-based attacks may be an emerging threat, rising from 25% to 36.8%.
CompTIA found that 80% of respondents attribute the breaches to a lack of IT security knowledge, a lack of training or a failure to follow security procedures. Nearly 1 in 5 of those surveyed reported that none of their IT staff have any formal security training.
Half (49%) of those surveyed don't have a written security policy. Of those who have a policy, 7% say that director-level or higher staff never review it and 9% indicate that director-level or higher staff never update it.
Some 80% of respondents who have invested in security training believe their security has improved; 70% say the same of certification. Reported improvements include enhanced potential risk identification, increased awareness, improved security measures and a generalized ability to respond more rapidly to problems.
According to CompTIA, those who have 25% or more of their IT staff trained in security are less likely (46.3%) to have had a security breach than those with less than 25% of their IT staff trained in security (66%).