Human Error Fuels Most Breaches

Uploaded on 2016-06-15 in NEWS-Cybersecurity News, FREE TO VIEW

Believe all you read in the press and you might be forgiven for thinking that hackers are poised to strike at any moment, however, human error remains the main cause of data breaches, according to the Information Commissioner's Office's own statistics.

A Freedom of Information request made by Egress Software Technologies shows that between the beginning of January and end of March this year there were 448 incidents of data breach or loss recorded by the ICO, with most incidents attributed to human error.

Of the 448 incidents, 74 were recorded as a loss or theft of paperwork, a further 74 were cases where data was posted or faxed to the wrong recipient and in 42 cases data was emailed to the incorrect recipient.

Unencrypted devices were either lost or stolen on 20 occasions in the first three months of the year, and 24 cases concerned insecure disposal of paperwork. Organisations failed to redact personal data 28 times during the period and a further 19 cases in total concerned either information uploaded to a webpage, verbal disclosure or insecure disposal of hardware.

In comparison, there were 39 cases of data breaches in the first quarter of 2016 stemming from insecure websites, which includes incidents of hacking. A further 128 data security breaches were recorded by the ICO during the period but were not categorised.

Egress Software chief executive Tony Pepper said: "The fact that so many breaches are caused by methods of working that are known as data breach pitfalls – such as faxing and posting sensitive information, or using plaintext email – should be a major concern for all organisations.

"Organisations need to begin gaining a holistic understanding of the information security measures they have in place."

"This begins with examining the nature of the data produced and handled by their staff, and using a classification tool to mandate how that it is treated. Next, they need to make sure that, when required, the data is released in the correct manner.

"Integration between classification policy and tools, such as email encryption and secure online collaboration, can ensure the correct protection and control is applied to the data when it is released from their environment – functionality obviously not available in more traditional ways of working," he said.

DataIQ: http://bit.ly/1WNwmxl

 

« Harvard Business School Wants To Know How To Win At Cybersecurity
Who’s Stealing The Money? SWIFT Tightens Security As A Fourth Bank Is Attacked. »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Corero Network Security

Corero Network Security

Corero Network Security is dedicated to improving the security of the Internet through the deployment of its innovative DDoS & Network Security Solutions.

Puppet

Puppet

Puppet is a leader in IT automation. Our software helps DevOps securely automate configuration and management of machines and the software running on them.

Feedzai

Feedzai

Feedzai provide software that uses big data analysis and machine-based learning to prevent fraud in ecommerce.

Nouveau

Nouveau

Nouveau Solutions is a specialist IT managed services company with a strategic focus on delivering cloud, infrastructure, compliance, network and security solutions.

iosiro

iosiro

iosiro was created to guide companies through securely using blockchain technologies. We help teams launch and manage ICOs, deploy secure dApps, and integrate private networks into business practices.

TwoThreeFour

TwoThreeFour

ThreeTwoFour provide tailored cyber security solutions, delivered by highly-skilled, experienced consultants who respond to the real needs of you and your business.

Xiarch Solutions

Xiarch Solutions

Xiarch Security is an global security firm that educates clients, identifies security risks, informs intelligent business decisions, and enables you to reduce your attack surface.

AdronH

AdronH

AdronH is a company of Cyber Security consultants. We support companies and public institutions with their digital transformation to new and secure business platforms.

Block Harbor Cybersecurity

Block Harbor Cybersecurity

Block Harbor has worked closely with automakers, suppliers, and regulators since 2014 on vehicle cybersecurity.

Converged Communication Solutions

Converged Communication Solutions

Converged is an independent Internet Service Provider, telephony, IT support and security specialist.

AKS iQ

AKS iQ

AKS iQ leads the RegTech sector with AI, automating regulatory compliance in the banking industry and ensuring paperless TBML and CFT adherence in finance.

Socket

Socket

Socket protects software applications and critical services from malware and security threats originating in open source code.

Pontiro

Pontiro

At Pontiro, we are enabling a new era of data-sharing. Bridging the gap between protected data and valuable insights through the use of cutting edge Homomorphic Encryption.

BlackSignal Technologies

BlackSignal Technologies

BlackSignal Technologies provides cybersecurity, digital signal processing and electronic warfare products to help DOD and IC agency customers counter near-peer threats and security challenges.

UBDS Digital

UBDS Digital

UBDS Digital is your Digital Lifecycle Partner for Secure Cloud Transformation.

Blackwire Labs

Blackwire Labs

Blackwire.ai is the first multidisciplinary cybersecurity advisor, powered by AI and trained by cybersecurity experts to enhance your team's capabilities and improve resilience.