Human error is the leading cause of data breaches, a new report reiterates, so early detection should be IT managers

READ ME

More evidence that employee negligence is security risk No. 1

What: The BakerHostetler Data Security Incident Response Report.

Why:  Thirty-six percent of data security incidents handled last year by the BakerHostetler  law firm were due to employee negligence, making it the leading cause of security incidents.  According to the firm's newly released report, other causes were outsider and insider theft, malware and phishing attacks.

While no industry is immune from security threats, the healthcare sector appears to be taking the hardest hit, though that may be attributable to the industry’s data breach notification requirements. Other affected sectors include education, financial services, retail, insurance, technology, entertainment and hospitality. The study measured severity by number of affected individuals, with professional services and retail/hospitality services topping the list, and healthcare and government not too far behind.

This survey shows that “companies cannot eradicate security risk solely through the use of better technology,” the report authors said.  Technical security solutions do not stop employees from being phished, nor prevent IT staff from failing to review logs or improperly configuring servers.

Developing stronger detection capabilities and shortening detection time is crucial to avoiding third-party breaches, financial consequences and public explanations. IT managers can use forensic data  to break down what happened and limit the scope of damage. The report also suggests implementing security training and awareness to policies and procedures, having an incident response plan ready and working with security consultants to conduct necessary assessments.

Take away: “Our analysis shows that best-in-class cyber risk management starts with awareness that breaches cannot be prevented entirely, so emphasis is increasingly on defense-in-depth, segmentation, rapid detection and containment, coupled with ongoing effort to monitor threat intelligence and adapt to changing risks,” said BakerHostetler's Craig Hoffman.

Get more: www.bakerlaw.com

About the Author

Amanda Ziadeh is a former reporter/producer for GCN.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected