58% of SMB employees have already clicked on links received via spam emails

Mar 6, 2012 10:15 GMT

A report entitled “The Human Factor in Data Protection,” commissioned by Trend Micro and performed by the Ponemon Institute, revealed that most IT security practitioners in the US blamed employees for the data breaches that affected their companies.

It’s well known that the human factor is one of the weakest links when it comes to information security, and the experts who took part in the study reinforced these beliefs.

The numbers show that more than 78% of those questioned blame the intentional or accidental actions of employees for at least one breach that affected the company in the past couple of years.

The main causes of data breaches are the loss of mobile devices that contained sensitive data, situations where a third party is responsible for the theft of information, and system glitches.

More than half of the respondents admitted that most data loss incidents are discovered by accident, with only 19% saying that the one responsible reported the breach.

A separate analysis made for small and medium businesses (SMBs) revealed that, in companies with fewer than 100 employees, the risk factor is even higher.

As a comparison, 58% of employees from SMBs opened attachments or clicked on links received in spam emails, versus only 39% of individuals who work in enterprises.

“Our conclusion is that most threats posed by employees and those within companies are becoming more prevalent because of the mobility of the workforce, proliferation of mobile data-bearing devices, consumerization of IT, and the use of social media in the workplace,” Dr. Larry Ponemon, chairman and founder of Ponemon Institute, said.

“We saw that most surveyed believe their companies are not doing enough to ensure a more effective security infrastructure against hackers and targeted attacks. Combined with data-centric security technology, education and awareness among employees are essential.”

Experts recommend awareness-raising campaigns among employees, data protection policies, and the use of technological solutions.

The full report is available here.