Most IT Security Breaches Due to Human Error But…
According to a new survey from the Computing Technology Industry Association (CompTIA), provider of A+ and Security+ certification, human error is the primary cause of IT security breached. The survey also showed that training and preparation can help organizations limit the impact of security breaches.
Even though the 900 organizations surveyed this year reported higher awareness of IT security threats, more emphasis on security practices and procedures and more spending on preventive measures, 84 percent said human error was to blame, at least in part, for their last major security breach. In last year’s survey, only 63 percent of security breaches were blamed on human error. Almost 60 percent of organizations said they had experienced at least one major IT security breach in the past six months. A major IT security breach is one that causes real harm, results in loss of confidential information or interrupts operations.
Training and awareness can help mitigate the effects of these breaches though. “Human knowledge and action are critical to making networks and IT infrastructure secure,” said John Venator, president and CEO of CompTIA. “And while awareness of the threat posed by IT security breaches has increased dramatically, many organizations have been slow to make the appropriate investments in time and budget to properly address these threats.”
According to the survey, training and certification had a positive impact on security. Organizations that trained a quarter of their IT security staff in security were less likely to experience a departmental security breach than those that trained less than a quarter of their IT staff in security. The same goes for staff members. Eighty percent of organizations that invested in staff security training said it helped improve security. And, 70 percent of the organizations that invested in security certification said that it helped improve security.
Training and certification lead to better identification of potential risks, higher awareness of security issues, better security measures and the knowledge and skill to respond rapidly to problems.
For more information, see http://www.comptia.org.