Human error is still to blame for most IT security breaches, according to the latest data released by the Computing Technology Industry Association (CompTIA).
The results of CompTIA’s second annual IT security survey indicate that while human error is accounting for more security breaches than ever before, better training and preparation are enabling organisations across the globe to limit the impact of these breaches on operations.
Of the 900 global organisations CompTIA surveyed, 84% blamed human error either wholly or in part for their last major security breach, a rise of 21% from the previous year.
“The findings underscore the fact that security and human capital, more so than security and technology, should be given the highest priority by all organisations,” said John Venator, president and chief executive officer, CompTIA. “Human knowledge and action are critical to making networks and IT infrastructure secure. And while awareness of the threat posed by IT security breaches has increased dramatically, many organisations have been slow to make the appropriate investments in time and budget to properly address these threats.”
CompTIA’s survey found that 58% of firms had experienced at least one major IT security breach (described as one that caused real harm, resulted in the loss of confidential information or interrupted business operations) in the last six months. However, on the whole organisations categorised the severity level of recent security breaches as “minimally severe”, lower than one year ago.
Organisations also reported that training and certification had significantly improved their security. Those with one-quarter or more of their IT staff trained in security said they were less likely to have had a departmental security breach than those with fewer IT staff trained in security.
Comp TIA’s results come at a time when IT security is regularly making the news. Only last week IT security firms warned that more variants on the Bagle and Netsky worms should be expected. “The Bagle variants just keep on coming,” said Carole Theriault, security consultant at Sophos.
IT users in the Middle East region are viewed by many experts as more susceptible to security intrusion than those in Europe and America. A Scanit survey last year classified 73% of browsers in 13 Middle East countries as being at “high risk” of security intrusion, with the other 25% of respondents classified as medium risk.
Last month, Zaid Abunuwar, enterprise group manager, Microsoft South Gulf, told Windows Middle East that three key actions can help users protect their systems, namely: keeping operating systems up-to-date; using a firewall programme; and installing anti-virus software. “These three measures,” said Abunuwar, “can help improve your PC’s security by 90-95%.”
In the case of SME organisations, Tom Scholtz, vice president, security strategies at Meta Group, explained that problems often stem from a lack of resources and firms being dependent on external parties like ISPs to provide protection. Scholtz’s advice was that SMEs “sit down with their service providers to look at the joint process and procedures they should have in place and which party is responsible for which part of these processes.” He added: “Don’t wait for service providers to come up with a process that will satisfy your requirements, approach them.”
