These are quick first looks and trend and threats


Read More >>
Written by the security and AV professionals from team K7, meant for the general audience
Read More >>
These are usually articles that go into internals of a virus or deal with security issues
Read More >>
Senior managers speak on areas of interest to them, inside and outside the industry
Read More >>

Most security breaches unintentional, claims report

A report on business IT security has played down the notion of malicious “insider” computer security attacks, claiming that the majority of security flaws and breaches happen completely by accident.

A survey by e-commerce security vendor RSA claimed that businesses believed that 52% of internal IT security breaches were accidental, with only 19% being deliberate actions by employees.

The results go against a common perception in the industry, with many of the belief that high profile security breaches were most commonly the result of premeditated, malicious actions.

“Unintentional risk gets overlooked, yet it’s the most serious threat to business,” said the RSA’s Chris Young.

“The sexy incident where someone gets arrested for stealing records and selling them to a third party for a lot of money is the stuff that catches the attention of the media, the regulators, executives and Congress people.

“But this is not necessarily where organisations have 100% of the risk,” said Mr Young, the RSA’s senior vice president of products.

The study conducted by the RSA and IT analysts IDC examined 11 different categories of risk ranging from malware and spyware to employees having excessive access to systems and from unintentional data loss to malicious acts for personal gain. Around 400 businesses from the US, UK, France and Germany, working across sectors including finance, telecommunications and healthcare were examined as part of the survey.

The report concluded that the difference between the most frequent type of cyber breach – unintentional data loss, at 14.4% per year, and the bottom of the list – internal fraud, at 10.6% – represented a clear signal that no single solution can address all potential internal security risks.

The report also noted that whether the threats are accidental or deliberate, the cost to a company of a cyber breach is still the same. The survey put the estimated cost of employee-related security breaches at around $800,000 per year for companies in the US, with companies in the UK, France and Germany facing an annual bill of between $180,000 and $330,000.

Tags: ,

Comments are closed.