Information security solutions are getting more and more sophisticated, even as attackers continue to send out the same old viruses and worms. So why are breaches of enterprises’ IT systems still such a problem? The answer is simple: human error. According to CompTIA’s fourth-annual IT Security in the Workforce survey, almost 60 percent of successful attacks on respondents’ organizations during the past year could be attributed to gaffes by end users.
This is actually nothing new, said Brian McCarthy, CompTIA’s chief operating officer. While security techniques have appreciably improved over the past few years, end user awareness of cyber threats has hardly budged. “There’s been no progress,” he said. “There’s been progress over the past three years in addressing technology-related topics like authentication. In 2003, user-authentication practices were a security issue for roughly 45 percent of the constituency we surveyed. By 2005, it had become 25 percent. But lack of user awareness over those three years was 62.5 percent in 2003, and it’s 58 percent in 2005.
“Security as an issue has been around now for about three-plus years—really, post Sept. 11th,” he added. “As we’ve gotten better at it, there’s really been a tendency not to focus on it holistically as much anymore. Now we’re being asked to focus on CRM solutions, ERP solutions or something that creates greater efficiency for the company. As IT departments are being challenged to do more with less, one thing that’s not happening is the IT security issue moving from the…
Please log in or subscribe to read this article