Human Error Fuels Most Breaches

Uploaded on 2016-06-15 in NEWS-Cybersecurity News, FREE TO VIEW

Believe all you read in the press and you might be forgiven for thinking that hackers are poised to strike at any moment, however, human error remains the main cause of data breaches, according to the Information Commissioner's Office's own statistics.

A Freedom of Information request made by Egress Software Technologies shows that between the beginning of January and end of March this year there were 448 incidents of data breach or loss recorded by the ICO, with most incidents attributed to human error.

Of the 448 incidents, 74 were recorded as a loss or theft of paperwork, a further 74 were cases where data was posted or faxed to the wrong recipient and in 42 cases data was emailed to the incorrect recipient.

Unencrypted devices were either lost or stolen on 20 occasions in the first three months of the year, and 24 cases concerned insecure disposal of paperwork. Organisations failed to redact personal data 28 times during the period and a further 19 cases in total concerned either information uploaded to a webpage, verbal disclosure or insecure disposal of hardware.

In comparison, there were 39 cases of data breaches in the first quarter of 2016 stemming from insecure websites, which includes incidents of hacking. A further 128 data security breaches were recorded by the ICO during the period but were not categorised.

Egress Software chief executive Tony Pepper said: "The fact that so many breaches are caused by methods of working that are known as data breach pitfalls – such as faxing and posting sensitive information, or using plaintext email – should be a major concern for all organisations.

"Organisations need to begin gaining a holistic understanding of the information security measures they have in place."

"This begins with examining the nature of the data produced and handled by their staff, and using a classification tool to mandate how that it is treated. Next, they need to make sure that, when required, the data is released in the correct manner.

"Integration between classification policy and tools, such as email encryption and secure online collaboration, can ensure the correct protection and control is applied to the data when it is released from their environment – functionality obviously not available in more traditional ways of working," he said.

DataIQ: http://bit.ly/1WNwmxl

 

« Harvard Business School Wants To Know How To Win At Cybersecurity
Who’s Stealing The Money? SWIFT Tightens Security As A Fourth Bank Is Attacked. »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Sapphire

Sapphire

Sapphire deliver flexible and scalable cybersecurity solutions, helping organisations to detect, protect, respond and remediate against cyber threats.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

Lynx Software Technologies

Lynx Software Technologies

Lynx provide secure software and operating systems for use in mission critical applications such as aerospace, medical, transportation and IoT.

AFCON Control & Automation

AFCON Control & Automation

AFCON is a leading global provider of software solutions and services for the smart management of Control & Automation systems in the age of Digital Transformation.

NetMonastery DNIF

NetMonastery DNIF

NetMonastery is a network security company which assists enterprises in securing their network and applications by detecting threats in real time.

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center is a not-for-profit organization focused on regional cybersecurity excellence and readiness, with a special emphasis on the maritime community.

Bounga Informatics

Bounga Informatics

Bounga Informatics provides Digital Forensics, E-Discovery, and Endpoint Security software, hardware, and training in Singapore and other countries in Asia Pacific.

Dellfer

Dellfer

Dellfer secures connected cars and other IOT devices through Intrinsic protection, enabling the most sophisticated cybersecurity attacks to be seen instantly and remediated with precision.

Fischer Identity

Fischer Identity

Fischer Identity provide identity & access management and identity governance administration solutions.

Hacken

Hacken

Hacken provide a range of cybersecurity services including security assessments, blockchain security audits, and secure software development.

riskmethods

riskmethods

riskmethods helps you proactively identify, assess and mitigate supply chain risk. You need to master supply chain risk management—we can help.

CyberScotland

CyberScotland

The CyberScotland Partnership is a collaboration of key strategic stakeholders, brought together to focus efforts on improving cyber resilience across Scotland in a coordinated and coherent way.

ExchangeDefender

ExchangeDefender

ExchangeDefender provides cybersecurity services that secures your company email and data, and guarantees 24/7 email access.

Dutch Research Council (NWO)

Dutch Research Council (NWO)

The Dutch Research Council (NWO) is one of the most important science-funding bodies in the Netherlands and ensures quality and innovation in science.

Token Security

Token Security

Token is the new approach designed for the identity boom era. Introducing Machine-First Identity Security.

Blue Mantis

Blue Mantis

Blue Mantis is a security-first, IT solutions and services provider with a 30+ year history of successfully helping clients achieve business modernization.