Corporate data breaches blamed on employees, not hackers
Data Breaches start at home
ABOUT 75 PER CENT of corporate data breaches in the US are down to employee negligence, according to a report which also claims only one per cent of data breaches are caused by hackers on the outside.
What's more, most employee data breaches are accidental, according to The Ponemon Institute study, commissioned by Compuware. However, the report admitted that some were also acts of malice by disgruntled staff.
Almost 80 per cent of the 1,112 IT workers surveyed claimed to have had at least one data breach in the first half of 2008 with 43 per cent of them saying they had suffered two or more breaches in the past two years. A clueless 34 per cent shrugged their shoulders and said they had no idea how many breaches they had suffered in that time period.
The 2008 Study on the Uncertainty of Data Breach Detection also discovered that employee confidence that their firm would be able to detect a breach was embarrassingly low, with only 10 per cent reckoning loss or theft of personal information would be rumbled. 31 per cent said they weren’t at all confident, whilst the ambivalent shoulder shruggers weighed in at 18 per cent.
Looking at the report more closely, it’s no wonder confidence about company data security is not exactly gushing forth. More than 43 per cent of respondents claimed there was no one at their firm in charge of managing data breaches, and a further 23 per cent said that if there was someone in charge, they had no idea who that person was.
The survey comes at a time when the loss, leak and theft of personal data is being eclipsed in the media only by the ever more boring global financial crisis.
Unsurprisingly, the study found that laptops, PDAs, and memory sticks were the main culprits when it came to most security breaches at 58 per cent, with a further 50 per cent blamed on the network. Continuing with the trend of confusing statistics which don’t add up to 100 per cent, the Ponemon study said a further 41 per cent of breaches originated from the mainframe, whilst 39 per cent could be traced back to paper documents. Backups took the blame for another 20 per cent of breaches.
When it comes to WHO is responsible for the breaches, most fingers point squarely at employee negligence, to blame for ¾ of breaches. 26 per cent of security breaches were blamed on malicious insiders, two per cent on social engineering and a tiny, almost insignificant one per cent on outside hackers.
The most worrying part of the report, however, is that only 20 per cent of those surveyed said they contacted breach victims “within a few days”. A more sluggish 40 per cent told victims within a few weeks, 23 per cent within a month and 17 per cent admitted it took them over a month.
Never mind data breach, it sounds more like a breach of confidence and trust to us. µ

Comments
Data breaches & employees
It is unfortunate but true that whenever a breach happens the odds are that an employee is involved in some capacity.
Numbers don't add up
Almost 80 per cent of the 1,112 IT workers surveyed claimed to have had at least one data breach in the first half of 2008. A clueless 34 per cent shrugged their shoulders and said they had no idea how many breaches they had suffered in that time period.
80+34 = 100
looks like ATI math
Numbers aren't MEANT to add up
Alex - read carefully ...
That 34% are *part* *of* the 80% if I understand correctly.
80% had at least one breach, 43% had at least two.
And 34% didn't have a clue how many breaches they had - they may well have been aware of at least one. It wouldn't surprise me if that 34% were pretty computer-literate - they have the ability to *spot* a breach, but no authority to *do* *anything* *about* *it*.
Cheers,
Wol