Human Error Fuels Most Breaches

Believe all you read in the press and you might be forgiven for thinking that hackers are poised to strike at any moment. However, human error remains the main cause of data breaches, according to the Information Commissioner's Office's own statistics.

A Freedom of Information request made by Egress Software Technologies shows that between the beginning of January and end of March this year there were 448 incidents of data breach or loss recorded by the ICO, with most incidents attributed to human error.

Of the 448 incidents, 74 were recorded as a loss or theft of paperwork, a further 74 were cases where data was posted or faxed to the wrong recipient and in 42 cases data was emailed to the incorrect recipient.

Unencrypted devices were either lost or stolen on 20 occasions in the first three months of the year, and 24 cases concerned insecure disposal of paperwork. Organisations failed to redact personal data 28 times during the period and a further 19 cases in total concerned either information uploaded to a webpage, verbal disclosure or insecure disposal of hardware.

In comparison, there were 39 cases of data breaches in the first quarter of 2016 stemming from insecure websites, which includes incidents of hacking. A further 128 data security breaches were recorded by the ICO during the period but were not categorised.

Egress Software chief executive Tony Pepper said: "The fact that so many breaches are caused by methods of working that are known as data breach pitfalls – such as faxing and posting sensitive information, or using plaintext email – should be a major concern for all organisations.

"Organisations need to begin gaining a holistic understanding of the information security measures they have in place.

"This begins with examining the nature of the data produced and handled by their staff, and using a classification tool to mandate how it is treated. Next, they need to make sure that, when required, the data is released in the correct manner.

"Integration between classification policy and tools, such as email encryption and secure online collaboration, can ensure the correct protection and control is applied to the data when it is released from their environment – functionality obviously not available in more traditional ways of working," he said.

DataIQ: http://bit.ly/1WNwmxl

 
