These days, there’s no shortage of tools to combat outside threats to IT security in organizations. However, according to a recent CompTIA study, the root of the problem could be stemming from within the company — among the non-IT staff, in particular.
“When looking at some of the causes of the security breaches, we found that it skews slightly towards human error as opposed to some type of technical malfunction or some other type of technical aspect,” said Tim Herbert, vice president of market research for CompTIA. “That’s a trend that’s of concern to many in the industry.”
Some major areas of concern for IT executives include spyware and viruses, but Herbert said user error has been inching up the list over the years.
While the need for additional training of IT employees still exists, more attention should be given to non-IT employees, Herbert explained.
“Many [IT security] issues are related to spyware, viruses or browser-based types of attacks because the non-IT staff is relying more and more on either Web applications or social networking, or working remotely [from] laptops, smart phones and so forth,” Herbert said.
Oftentimes, there is a lack of support from top management regarding the need to implement such training, Herbert explained.
“They’re aware of prominent security breaches, but they may view it more as just an IT issue and not necessarily as a business issue,” he said.
And if companies don’t deem this to be a business issue, they won’t want to allocate staff time or training dollars to training.
“[Sometimes they determine] there’s no clear ROI or benefit to having non-IT staff trained, so they view it more as a cost and not as a preventative maintenance type of issue.”
However, Herbert explained that the No. 1 cost of a security breach is the negative impact it has on employee productivity — a consequence that can have significant bottom-line impact.
The CompTIA study, which surveyed 1,500 IT decision makers around the world, showed that roughly one in three respondents acknowledged some type of security breach in the past 12 months, despite having security policies and training in place.
In some cases, there also is a generational component that comes into play, Herbert explained.
“The generation of workers entering the workforce has a very different experience with technology than someone who may have been in the workforce for 20 or 30 years,” he said. “Their expectation is to have more freedom to interact with applications.”
Sharing of information also has become much more commonplace among the younger generations. This increases concerns about phishing, as well as the sharing of proprietary information, both intentionally and unintentionally.
“It is a very delicate balancing act for a lot of companies between having the right degree of security and giving staff the right degree of freedom to be productive and to use applications that can help them do their jobs better,” Herbert said.
– Deanna Hartley, firstname.lastname@example.org