CompTIA: Human error causes security breaches

WASHINGTON - Human error, not technology, is the most significant cause of IT security breaches, according to a security survey released by the Computing Technology Industry Association Tuesday.

The survey, Committing to Security: A CompTIA Analysis of IT Security and the Workforce, suggests more training and certification of IT workers will help the U.S. protect itself against cyber threats. In more than 63% of security breaches identified by the survey's respondents, human error was the major cause.

Brian McCarthy, CompTIA’s chief operating officer, called the results "staggering" in a press release statement. He noted that a majority of survey respondents said that most of their IT workers didn't have security training.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

WASHINGTON - Human error, not technology, is the most significant cause of IT security breaches, according to a security survey released by the Computing Technology Industry Association Tuesday.

The survey, Committing to Security: A CompTIA Analysis of IT Security and the Workforce, suggests more training and certification of IT workers will help the U.S. protect itself against cyber threats. In more than 63% of security breaches identified by the survey's respondents, human error was the major cause.

Brian McCarthy, CompTIA’s chief operating officer, called the results "staggering" in a press release statement. He noted that a majority of survey respondents said that most of their IT workers didn't have security training.

Among the results of the survey, conducted by NFO Prognostics, of 638 respondents from the public and private sectors:

-- Thirty-one percent had experienced from one to three major security breaches, causing real harm, in the last six months.

-- Twenty-two percent said none of their IT employees have received security-related training; 69% have fewer than 25% of their IT staffs trained in security; and only 11% said all of their IT employees have security training.

-- Ninety-six percent would recommend security training for their IT staff.

-- Seventy-three percent would recommend more comprehensive security certifications for their IT staff.

-- Sixty-six percent believe that staff training or certification have improved their IT security, through increased awareness and proactive risk identification.

"Frankly, we’re surprised no one's picked up on this before," McCarthy said in the press release. "The connection between having more IT security training and making our IT networks more secure seems so obvious, yet it’s been largely overlooked. It’s just common sense."

The IDG News Service is a Network World affiliate.