Computerworld
Home News Blogs ReviewsWhite Papers Newsletters IT Careers

resource center


Ads by TechWords

See your link here

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
CareerMail
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
 

Print edition

Study: Human error causes most security breaches

By Grant Gross, IDG News Service
March 18, 2003 12:00 PM ET
Recommended
(0)
Digg
Share/Email

IDG News Service - Human error, not technology, is the most significant cause of IT security breaches, according to a security survey released by the Computing Technology Industry Association Inc. (CompTIA) today.
The survey, "Committing to Security: A CompTIA Analysis of IT Security and the Workforce," suggests more training and certification of IT workers will help the U.S. protect itself against cyberthreats. In more than 63% of security breaches identified by the survey's respondents, human error was the major cause. Respondents blamed only 8% of security breaches on purely technical failures.
Brian McCarthy, CompTIA's CEO, called the results "staggering" in a statement. He said a majority of survey respondents said that most of their IT workers didn't have security training.
"It's not about the technology, but it's all about the people," McCarthy said at a news conference. "Yes, technology plays a critical role, but unless you have the right people behind the wheel, and their knowledge levels are correct, you'll have some real challenges."
CompTIA, an Oakbrook Terrace, Ill.-based trade association that offers technology certifications, said the survey's results show the need for more security training and certification. The results of the survey, which was conducted by NFO Prognostics, of 638 respondents from the public and private sectors, included the following:

  • 31% had experienced from one to three major security breaches, causing real harm, in the past six months. Another 4% of respondents said they had between four and nine major security breaches in the previous six months, and another 3% said they had 10 or more major security breaches in the past six months.

  • 22% said none of their IT employees have received security-related training, 69% have fewer than 25% of their IT staffs trained in security, and only 11% said all of their IT employees have security training.

  • 96% would recommend security training for their IT staff.

  • 73% would recommend more comprehensive security certifications for their IT staff.

  • 66% believe that staff training or certification has improved their IT security through increased awareness and proactive risk identification.

"Frankly, we're surprised no one's picked up on this before," McCarthy said in the statement. "The connection between having more IT security training and making our IT networks more secure seems so obvious, yet it's been largely overlooked. It's just common sense."
Robert Kramer, vice president of global public policy at CompTIA, said that more than 90% of the organizations responding said they use antivirus technologies and firewalls/proxy servers, but only 19% required previous security experience for their IT workers and 23% required security training. "Although the problem is something that focuses on human error, the solutions you would expect are not forthcoming," Kramer added.
The survey also showed that 17% of organizations responding took no measures to monitor their general security performance over time. Sixty percent had some kind of security awareness program in place, and 53% employed security audits or penetration testing.
Seventy-five percent of respondents spent 10% or less of their IT budgets on security, including 12% of respondents who spent nothing, and 77% said their organizations spent less than 5% of their IT security budgets on training or certification.
"There's an intent to measure improvements, but there are no metrics attached to that intent," said Kramer, citing the need for certification.
Donald "Andy" Purdy, a senior adviser with the White House's cybersecurity staff, said the CompTIA study presents some opportunities for the U.S. to improve cybersecurity. "Certification and training of IT professionals is a critical linchpin in making our nation more secure," he said at the CompTIA news conference.
The survey of government, IT, finance and other industries was conducted during the fourth quarter of 2002.





Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints

Additional Resources

Xerox
Win a color printer!
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Upgrade to Internet Explorer 8 today.
Save time and mitigate security risk. Deploy it now.
Sybase
NEXT-GENERATION MOBILITY PLATFORMS
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Accelerate SSL Encrypted Applications
The amount of SSL traffic is growing in the enterprise. Because it is encrypted, it cannot be properly controlled and accelerated. Blue Coat...  

Usability Is Everything
Learn what sets Workday's HR and Payroll solutions apart from the competition....

ESG Lab Field Audit
Many companies have successfully implemented Riverbed WAN optimization solutions within their Cisco networks. This ESG Lab Field Audit document explores the success that...  

The Value of Real SaaS at Workday
Cost savings, speed to value, and innovation brought to the enterprise by Workday's software-as-a-service solutions for HR and Payroll....

Shape Your Apps Strategy to Reflect New SaaS Licensing and Pricing Trends
Why are smart companies choosing software-as-a-service? Find out in the complimentary Forrester Research report...  

SaaS at Flextronics, Inc.
Dave Smoley, CIO of Flextronics, discusses the real value of software-as-a-service and why he chose Workday for his HR solution....

Natural User Interface for Enterprise Applications
Learn how a revolutionary user interface can make a complex enterprise application so intuitive even casual users can jump right in....  

Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...

A Truly Global HCM System
Learn about a system built with advanced object-oriented technology that support multi-national requirements and costs less to implement, maintain and upgrade....  

Agile Enterprise Content Management (ECM) for Rapid ROI
Find out how combining ECM and BPM will help adress issues about content rich business processes....

All White Papers | All Webcasts

Computerworld Reports

An Interactive eBook: Enterprise Security

The Business Case for Server Virtualization

Computerworld Technology Briefing: Intelligent Users Use Business Intelligence

All Computerworld Reports
 

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.