Human Error Fuels Most Breaches

Uploaded on 2016-06-15 in NEWS-Cybersecurity News, FREE TO VIEW

Believe all you read in the press and you might be forgiven for thinking that hackers are poised to strike at any moment, however, human error remains the main cause of data breaches, according to the Information Commissioner's Office's own statistics.

A Freedom of Information request made by Egress Software Technologies shows that between the beginning of January and end of March this year there were 448 incidents of data breach or loss recorded by the ICO, with most incidents attributed to human error.

Of the 448 incidents, 74 were recorded as a loss or theft of paperwork, a further 74 were cases where data was posted or faxed to the wrong recipient and in 42 cases data was emailed to the incorrect recipient.

Unencrypted devices were either lost or stolen on 20 occasions in the first three months of the year, and 24 cases concerned insecure disposal of paperwork. Organisations failed to redact personal data 28 times during the period and a further 19 cases in total concerned either information uploaded to a webpage, verbal disclosure or insecure disposal of hardware.

In comparison, there were 39 cases of data breaches in the first quarter of 2016 stemming from insecure websites, which includes incidents of hacking. A further 128 data security breaches were recorded by the ICO during the period but were not categorised.

Egress Software chief executive Tony Pepper said: "The fact that so many breaches are caused by methods of working that are known as data breach pitfalls – such as faxing and posting sensitive information, or using plaintext email – should be a major concern for all organisations.

"Organisations need to begin gaining a holistic understanding of the information security measures they have in place."

"This begins with examining the nature of the data produced and handled by their staff, and using a classification tool to mandate how that it is treated. Next, they need to make sure that, when required, the data is released in the correct manner.

"Integration between classification policy and tools, such as email encryption and secure online collaboration, can ensure the correct protection and control is applied to the data when it is released from their environment – functionality obviously not available in more traditional ways of working," he said.

DataIQ: http://bit.ly/1WNwmxl

 

« Harvard Business School Wants To Know How To Win At Cybersecurity
Who’s Stealing The Money? SWIFT Tightens Security As A Fourth Bank Is Attacked. »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cobwebs Technologies

Cobwebs Technologies

Cobwebs Technologies provide web intelligence solutions for Law Enforcement (including cybercrime), Intelligence Agencies and Federal Agencies.

French Expert Center Against Cybercrime (CECyF)

French Expert Center Against Cybercrime (CECyF)

CECyF is a centre of excellence for countering cybercrime in France.

itWatch

itWatch

itWatch is focused on data loss prevention (DLP), endpoint security, mobile security, encryption, and cost reducing solutions for IT operations.

LinOTP

LinOTP

LinOTP is an enterprise level, innovative, flexible and versatile OTP-platform for strong authentication.

Procilon Group

Procilon Group

Procilon Group specialize in the development of cryptographic software as well as strategic advice on information security and data protection.

ITonlinelearning

ITonlinelearning

ITonlinelearning specialises in providing professional certification courses to help aspiring and seasoned IT professionals develop their careers.

Hunton Andrews Kurth

Hunton Andrews Kurth

Hunton Andrews Kurth LLP serves clients across a broad range of complex transactional, litigation and regulatory matters. Practice areas include Privacy and Cybersecurity.

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP provides solutions and services around Core Infrastructure, Cloud, Cyber Security, Enterprise Applications, Intelligent Automation and Data, Smart Buildings, and Managed Services.

Tetra Defense

Tetra Defense

Tetra Defense is a leading incident response, cyber risk management and digital forensics firm.

Darkscope

Darkscope

Darkscope is an award-winning personalised cyber intelligence service provider. Our cutting-edge AI and Deep Artificial Neural Networks lead the world of cyber intelligence solutions.

Secure Diversity

Secure Diversity

Secure Diversity is an innovative non-profit organization with leaders that think out of the box to create strategies & solutions to increase diversity in the cybersecurity industry.

SpireTec Solutions

SpireTec Solutions

SpireTec Solutions is an IT management training company offering 1500+ courses with state of art training facilities backed by a team of industry experts in various domains including cybersecurity.

Hetz Ventures

Hetz Ventures

Hetz Ventures is a global-facing VC investing in highly talented and ambitious Israeli founders who operate at the cutting edge of deep technology.

We Hack Purple

We Hack Purple

We Hack Purple is a Canadian company dedicated to helping anyone and everyone create secure software.

63 Moons Technologies (63MT)

63 Moons Technologies (63MT)

63 Moons Technologies is a world leader in providing next-generation technology ventures, innovations, platforms, and solutions.

DNSFilter

DNSFilter

DNSFilter is the most accurate threat detection and content filtering tool on the market today.