Forget hackers; companies responsible for most data breaches, study says
More than 1.9B records compromised in the past 26 years
Computerworld - In the five minutes it might take to read this article, about 672 electronic records containing confidential information will be compromised. By year's end, more than 72 million records with Social Security numbers, credit card numbers, birth dates and other personal data will have been exposed. That rate is about 200,000 more records per month than last year.
And the main culprit is not the oft-vilified rogue hacker, but corporate America, according to a new study by the University of Washington, Seattle.
That conclusion is based on a review of 550 security breaches reported in major U.S. news media outlets from 1980 to 2006. The goal of the study was to examine the role of organizational behavior in privacy violations. It showed that internal foul-ups such as putting personally identifiable information accidentally online, missing equipment, lost backup tapes or other administrative errors were responsible for 61% of the incidents.
In contrast, just 31% of the incidents were perpetrated by external hackers; 9% had unspecified causes.
"What this shows is that a surprising number of incidents actually involve corporate mismanagement more than hackers," said Philip Howard, assistant professor of communication at the University of Washington and co-author of the report. "I think it is easier when your company loses a lot of client data to put an immediate spin on it and blame it on a hacker or some external guy using some ingenious hacking technique."
The reality, though, is that in more cases than not, internal errors caused the data breach, he said.
Howard's study reinforces similar findings from other research. A report released last week by the IT Policy Compliance Group showed that human error is the overwhelming cause of losses of sensitive data -- contributing to 75% of all occurrences, while malicious hacking activity contributed to just 20% of data losses. According to that report, the primary channels for data loss involve laptops and mobile devices as well as e-mail and instant messages.
Similarly, in an informal survey of attendees at last week's Computerworld Premier 100 IT Leaders Conference, respondents picked "activities by internal staffers" as the biggest source of security breaches, followed by "ineffective policies" and "sloppy mobile workers." External hackers were fingered as the source in just 11% of the cases.
Even in incidents that were publicly blamed on external hackers, the reality is a bit more nuanced, Howard said. One example was the huge data breach at Acxiom Corp. in 2003, when an external data broker stole 1.6 billion customer records containing names, addresses and e-mail addresses belonging to millions of Americans. In that case, the hacker was able to get at the records largely because of a failure by Acxiom to establish proper access controls, Howard said. Though the incident was recorded as an external hack, in reality, it was enabled by an internal error, he said.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Forrester Wave for Enterprise Backup and Recovery Read this report to see how CommVault continues to outpace its competitors and why Forrester positioned CommVault Simpana as the top backup and...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Cybercrime and Hacking White Papers |