Tuesday, August 31, 2010

The Human Side of Security

Most corporate security breaches are a result of low-tech oversights and employee negligence - not the work of systems hackers.

With all the focus on high-tech security, organizations are overlooking some basic gaps that leave them vulnerable to data loss and network intrusion. Despite a handful of high-profile hacking incidents, the preponderance of corporate security breaches are tied to low-tech oversights or employee negligence.

Insider negligence was a significant factor in more than 88 percent of all cases in a January 2009 study of the cost of data breaches by the Ponemon Institute. About 35 percent of the breaches identified in the study involved lost or stolen laptop computers or other mobile data-bearing.

Other common gaps: improperly disposed of PCs or backup tapes, unattended shredders and countless other seemingly mundane and benign events that occur regularly in the course of daily offlice life.

People may not realize that the vast majority of high-impact security breaches - particularly the ones that involve loss of important business or personally indentifiable data -- are not not the result of a pierced and tattooed hacker in the basement, but often the result of either mistakes or mischief by insiders who have access to that data in the course of their normal work.

No comments: