Study: Human Error Causes Most Security Breaches
CompTIA study argues that IT workers lack adequate security training.
A new survey from the Computing Technology Industry Association indicates that human error, rather than technology is at the root of most information technology security breaches.
The survey entitled "Committing to Security: A CompTIA Analysis of IT Security and the Workforce," says that more training and certification is needed, if IT workers, their companies and government agencies are to be better equipped to handle violations of computer security.
The survey found that in more than 63 percent of IT security breaches that human error played a role. The survey also found that of those questioned only 8 percent said that security problems were the result of technological failures.
CompTIA is a trade association that offers technology certifications, so it's no surprise that it was quick to point out that the findings of the study that point to the need for improved security training and certification of IT workers.
"We define a security breach as one that caused real harm, resulted in confidential information taken, or interrupted business," says Mike Wendy, policy counsel for CompTIA.
"We are seeing very little of the IT budget being spent on security and an even smaller subset being dedicated to resources on IT security training, certification and awareness," Wendy said.
NFO Prognostics conducted the survey during the fourth quarter of 2002 for the CompTIA, which questioned 638 information technology workers in both the private and public sectors.
The survey found that thirty-one percent of the IT workers were aware of between one to three major security breaches in the past six months. While another four percent said had between four and nine security breaches happened over the same period of time, while another three percent said they had ten or more security breaches in the past six months.
The survey also found twenty-two percent said none of their IT workers had recently received technology security training. The survey went onto say 69 percent have had fewer than 25 percent of their tech staffs trained to protect against security breaches, while only 11 percent said all of their IT workers have had proper security training.
The survey also found that ninety-six percent of the respondents thought it would be a good idea for their IT staffs to receive more security training. Seventy-three percent of the IT workers surveys said they would recommend comprehensive security certifications.