Human error tops the list of security threats

IT managers also say its insider threats that really worry them the most

When it comes to security, human threats score much higher than those posed by technology. So says a new survey by consulting firm Deloitte of more than 100 technology, media and telecommunications companies worldwide.

Seventy-five per cent of companies listed human error as the leading cause of security failures such as breakdowns and systems outages. Forty-eight per cent also cited operations and technology lapses as key causes of security failures. Problems resulting from third parties such as contractors and business partners, meanwhile, received 28 per cent of the votes as a root cause of security failures.

Misbehaving employees also figure prominently in IT fears: Ninety-one percent of respondents say the risk of employee misconduct related to information systems worries them.

View: Full Article @ IT Business (Canada)

Report a problem with article
Previous Story

EBay to ban negative seller views

Next Story

ASUS EN8800GTS TOP Reviewed

6 Comments

Commenting is disabled on this article.

Seems logical...
Humans make the computers and equipment, humans write the software that runs on that equipment...so ya...human error would seem the likely cause :P

More so than the design/programming issues you allude to, I think more directly that human error encompasses mundane things that are done every day by many admins. Not keeping your system patched and up to date. Weak passwords. Poor or no firewall. Least user privileges. Cruddy policies.

Stuff like that, even home administrators fall prey to. How many run with administrator powers every day? How many log in with no password? How many home users don't update because it is "such a hassle"?

+1 with markjensen

Least user privilages on Windows, with regular patching a decent AV and a properly configured firewall in front makes it as secure as the majority of consumer platforms.

Unfortunatly people have been ignoring these basic best practices with a 'it works fine at the moment so why change stuff' attitude. The same as leaving your front door unlocked and wide open but never locking it cause you haven't been burgled!

Thankfully Microsoft are addressing this with Vista by getting closer to the Linux model with end-user access and sandboxing. (UAC, IE7+ protected mode, great software firewall, windows update etc.)

But yeah, it's normally the human factor that cause security problems rather than software.

(stevehoot said @ #1.2)
+1 with markjensen

Least user privilages on Windows, with regular patching a decent AV and a properly configured firewall in front makes it as secure as the majority of consumer platforms.

.

A unprivilegied users will not need a antivirus, cause he can't do permanent changes on the system with the exception of some specific datas.

(Magallanes said @ #1.3)

A unprivilegied users will not need a antivirus, cause he can't do permanent changes on the system with the exception of some specific datas.

Unless the virus finds a way to escalate its privileges e.g though an exploit, so yes anti-virus is still a good idea.