Training needed to quell breaches

The most severe security breaches are often caused by human error

As many highly publicized security breaches demonstrate, sometimes the greatest threat to an organization comes from within when well-meaning employees make mistakes such as losing an unencrypted laptop or posting personally identifiable information online.

Podcast: Protecting against insider threats in a down economy
Podcast: Who's Stealing Your Data?

CompTIA’s annual information security trends report shows the most severe security breaches are often caused by human error. Such breaches drag down employee productivity and disruption of revenue-generating activities. CompTIA, a provider of vendor-neutral certifications, concludes there’s a need for more employee training and deeper knowledge of technology to foster increased awareness.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

As many highly publicized security breaches demonstrate, sometimes the greatest threat to an organization comes from within when well-meaning employees make mistakes such as losing an unencrypted laptop or posting personally identifiable information online.

Podcast: Protecting against insider threats in a down economy
Podcast: Who's Stealing Your Data?

CompTIA’s annual information security trends report shows the most severe security breaches are often caused by human error. Such breaches drag down employee productivity and disruption of revenue-generating activities. CompTIA, a provider of vendor-neutral certifications, concludes there’s a need for more employee training and deeper knowledge of technology to foster increased awareness.

“Fueled in part by the rapid adoption of portable hardware like laptops, flash drives and smart phones, and by distributed information technologies such as crowd sourcing, social networks, virtualization and cloud storage, end users are exposed to new IT security threats every day,” said Tim Herbert, vice president of research at CompTIA. “Security threats grow along with the expanding reach of IT so non-IT employees need to be continually trained on the latest IT security threats.”

“Trends in Information Security: an Analysis of IT Security and the Workforce,” is based on responses from 553 U.S. IT pros as well as others around the world. The study shows the average number of security breaches increased slightly from previous years, though the severity has increased.

One result of the study is that the number of organizations providing security training for non-IT staff dropped in 2008. Only 45% of firms offered this last year, as compared to 53% in 2007. One statistic on the rise is the number of firms that require IT security certification- that stood at 32% in 2008.

On a separate note, it’s time to say goodbye. This is the last installment of Network World’s IT Leadership newsletter. I’ve enjoyed penning this over the years and appreciate your interest and feedback. Please watch for the IT Best Practices Alert by Linda Musthaler which mails on Mondays. I wish you much success in your IT leadership roles.

Read more about infrastructure management in Network World's Infrastructure Management section.