
Human error most common cause of IT security breaches

Computing Technology Industry Association survey confirms what you probably already suspected.

At a Washington briefing with government officials, the Computing Technology Industry Association (CompTIA) revealed results from its new security survey ‘Committing to security: a CompTIA analysis of IT security and the workforce’.

The survey shows that human error – not technical malfunction – is the most significant cause of IT security breaches in the public and private sectors. Encouragingly, an overwhelming majority of respondents stated that IT training and certification have improved network security.

“We think the results are pretty staggering,” said Brian McCarthy, CompTIA’s chief operating officer. “Where agencies and companies have looked primarily to technology for network safety, in over 63 percent of identified security breaches, human error looks to be a major, underlying factor.”

The study, conducted by NFO Prognostics, surveyed 638 respondents from the public and private sectors. Among other things, the survey assessed security breach frequency and common causes, security resources, responsibility and enforcement practices, investment in security and certification, and steps taken in response to government regulatory and legislative mandates.

Other highlights show:

* 31 percent had experienced one to three “major security breaches” - i.e., breaches that caused real harm, resulted in confidential information being taken, or interrupted business - in the last six months;
* 22 percent said none of their IT employees have received security-related training; 69 percent have fewer than 25 percent of their IT staff security-trained; and only 11 percent said that all of their IT employees have received security training;
* 96 percent would recommend security training for their IT staff;
* 73 percent would recommend more comprehensive security certification for their IT staff;
* 66 percent believe that staff training/certification has improved their IT security, primarily through increased awareness, as well as through proactive risk identification;
* 59 percent said that government security regulations are largely inappropriate, failing to adequately address the practical side of the problem.

www.comptia.org

Date: 20th March 2003 • Region: North America • Type: Article • Topic: ISM



Copyright 2003 Portal Publishing Ltd