Breaches attributed to error

Despite all the attention organizations are devoting to security, mistakes still happen. A recent survey from the Computing Technology Industry Association (CompTIA) shows that human error was responsible for nearly to 60% of IT security breaches in the past year, as compared to only 47% of incidents last year.

About 40% of the 574 organizations participating in the survey experienced at least one security attack in the past year. The most severe incidents were reported by large organizations of 7,000 or more employees and educational institutions.

“The primary cause of security breaches – human error – is not adequately being addressed,” CompTIA COO Brian McCarthy says. “The person behind the PC continues to be the primary area where weaknesses are exposed.”

One reason human error accounts for a greater proportion of security breaches this year might be due to increased deployment of security technologies. Almost every company surveyed has anti-virus software (96%), and most also use firewalls and proxy servers (91%).

“As we get better from a technology standpoint, many organizations seem to believe that technology solutions alone are sufficient to turn back all attacks, and a level of complacency may be setting in,” McCarthy says. “The fact remains that no technology on its own can be completely successful without an equally strong commitment to information security awareness and training throughout every level of the organization.”

CompTIA commissioned the survey in part to promote its Security+ certification, a vendor-neutral credential for network security pros with two years of experience.

For more results, click here.