2015 – Most IT Security Breaches Involve Human Error

These days, information technology and hacking have taken the front seat from the action-packed drama of physical bank break-ins and “stick-ups”.

The world has changed and cyber-terrorism, corporate espionage, and general internet mayhem seem to make the news on a regular basis.

According to The Arizona Republic (a Gannett Company), “this week’s news that 31 world leaders, including President Obama – who had their personal information breached, including name, date of birth and passport number – should remind employers and employees that human error is a significant factor in data breach events.

“In this case, an Australia immigration service employee mistakenly e-mailed the sensitive information of the above-mentioned world leaders days before November’s G-20 summit in Brisbane, Australia.

“However, the Australian immigration department did not report the breach to the world leaders even though it was a clear violation of the privacy laws of three of the affected countries, including the U.K., France and Germany, all of which require mandatory notification for data breach victims.”

It is no wonder that IBM’s 2014 Cyber Security Intelligence Index pointed out that 95 percent of all security incidents involve human error. Where is the missing 5%? I would call it 100%. From the inception of an idea, to the project management and allocation of time for best security practices, to time allotted for education and training and for secure code to be written, who else but humans could possibly be responsible for a security breach?

In January, Vormetric, a data security firm, released its 2015 Insider Threat Report and found that 93 percent of U.S.-based organizations surveyed believed that they were vulnerable to insider threats.

Mark Pribish is vice president and ID-theft practice leader at Merchants Information Solutions Inc., an ID theft-background screening company based in Phoenix. Almost all these thoughts come from him and I completely agree.

According to Mark: “It doesn’t take the president or world leaders to recognize that employees — or even you — can make a mistake in data management and protection. Focus on increased employee education on information security.”

If this article does not resonate with you, I would recommend looking up the definition of the following words:

– Diligence
– Alertness
– Heedfulness
– Sedulousness
– Carefulness
– Pertinacity

It can be hard to steer a development department or a company in the direction of spending more money on security. But the above words describe exactly what needs to be done.

At the end of the day, if your company assets are secure, your reputation is secure, and you have happy clients, then you can feel good about doing a job that demands this sort of vigilance.

Jock
