Forget hackers, the fool next to you is the real threat
The most common threat to government data is human error rather than malicious hackers or code, according to an analysis of reported data breaches by the security intelligence company Rapid7. This is not necessarily good news for IT security professionals charged with keeping malware and hackers out of government systems. Rather, it is a reflection that the boneheaded, like the poor, will always be with us.
Unintended disclosure was responsible for 29 percent of incidents reported by agencies over the last three years, putting it in first place in terms of number of breaches. In terms of number of records exposed, loss or theft of portable devices was number one, exposing more than 80 million records, for a whopping 86 percent of that total.
Hacking and malware came in well down the list, with 40 incidents exposing about 1 million records.
The data was culled by Rapid7 from the Chronology of Data Breaches maintained by the Privacy Rights Clearinghouse.
Progress is being made, however, on the challenge of protecting data on portable devices, which are easy to lose and attractive targets for thieves. These types of losses have declined since 2010, and the increased use of technology such as full-disk encryption is helping to keep sensitive data confidential even if the device disappears.
Protecting systems against malware and hackers is likely to remain a challenge regardless of shifts in the data threat landscape, said Rapid7 security researcher Marcus Carey. “Government agencies are going to be continually attacked by malware because there are people out there who want the information,” he said.
Because of the difficulty of gathering accurate statistics about the number and impact of data breaches, however, it is probably best not to use these numbers to identify anything but the broadest trends.