Human error is the leading cause of data breaches, a new report reiterates, so early detection should be IT managers

READ ME

More evidence that employee negligence is security risk No. 1

What: The BakerHostetler Data Security Incident Response Report.

Why:  Thirty-six percent of data security incidents handled last year by the BakerHostetler  law firm were due to employee negligence, making it the leading cause of security incidents.  According to the firm's newly released report, other causes were outsider and insider theft, malware and phishing attacks.

While no industry is immune from security threats, the healthcare sector appears to be taking the hardest hit, though that may be attributable to the industry’s data breach notification requirements. Other affected sectors include education, financial services, retail, insurance, technology, entertainment and hospitality. The study measured severity by number of affected individuals, with professional services and retail/hospitality services topping the list, and healthcare and government not too far behind.

This survey shows that “companies cannot eradicate security risk solely through the use of better technology,” the report authors said.  Technical security solutions do not stop employees from being phished, nor prevent IT staff from failing to review logs or improperly configuring servers.

Developing stronger detection capabilities and shortening detection time is crucial to avoiding third-party breaches, financial consequences and public explanations. IT managers can use forensic data  to break down what happened and limit the scope of damage. The report also suggests implementing security training and awareness to policies and procedures, having an incident response plan ready and working with security consultants to conduct necessary assessments.

Take away: “Our analysis shows that best-in-class cyber risk management starts with awareness that breaches cannot be prevented entirely, so emphasis is increasingly on defense-in-depth, segmentation, rapid detection and containment, coupled with ongoing effort to monitor threat intelligence and adapt to changing risks,” said BakerHostetler's Craig Hoffman.

Get more: www.bakerlaw.com

About the Author

Amanda Ziadeh is a former reporter/producer for GCN.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected