Clumsy staff more dangerous than hackers: survey

Data breaches cost local business up to $1 million

Up to 79 percent of the 156 Australian IT managers and C-level executives responding to a recent survey have suffered IT data breaches.

Some 40 percent of those have experience between six and 20 breaches over the last five years, and a further 59 percent claimed to have been hit with undetected data losses.

According to Symantec's Data Loss Prevention survey — which collected responses from local organisations with more than 100 employees and an annual turnover between $10 to $500 million — misplaced customer and employee records is the most common form of corporate data loss.

Intellectual property was lost in 43 percent of data breaches reported in the survey, followed by commercially sensitive information in 35 percent of cases, and lost bank and credit card data in 21 percent.

Staff are the biggest security threat, according to the figures. Human error was blamed in 42 percent of the reported cases of data loss, while 28 percent of losses were deliberately caused by staff.

Hackers were blamed for 29 percent of data breaches, while malware infections accounted for 24 percent.

The most expensive data breaches reported cost up to $1 million, while the average bill was less than $5000.

Comments

1

johnfranks999@hotmail.com

Fri 24/10/2008 - 03:39

Data Theft and Breaches - A Solution?

It seems to me that these data breaches and thefts are due to a lagging business culture. In the realm of risk, unmanaged possibilities become probabilities: As CIO, I'm always looking for ways to help my team, business teams, and ad hoc measures of various vendors, contractors and internal team members. A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium."

We keep a few copies kicking around - it would be a bit much to expect outside agencies to purchase it on our say-so. But, particularly when entertaining bids for projects and in the face of challenging change, we ask potential solutions partners to review relevant parts of the book, and it ensures that these agencies understand our values and practices.

The author, David Scott, has an interview here that is a great exposure: http://businessforum.com/DScott_02.html

The book came to us as a tip from one of our interns who attended a course at University of Wisconsin, where the book is in use. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. The real crux of the matter is education and training to the organization as a whole – and a recurring schedule of training – in building a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.

I like to pass along things that work, in the hope that good ideas continue to make their way to me.

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: data breach
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/150/handbrake/

HandBrake

HandBrake is an opensource tool that allows you to backup your DVDs so that you can store and watch them on your computer. Features include: ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia