Human error is the leading cause of data breaches, a new report reiterates, so early detection should be IT managers

READ ME

More evidence that employee negligence is security risk No. 1

What: The BakerHostetler Data Security Incident Response Report.

Why: Thirty-six percent of data security incidents handled last year by the BakerHostetler law firm were due to employee negligence, making it the leading cause of security incidents. According to the firm's newly released report, other causes were outsider and insider theft, malware and phishing attacks.

While no industry is immune from security threats, the healthcare sector appears to be taking the hardest hit, though that may be attributable to the industry’s data breach notification requirements. Other affected sectors include education, financial services, retail, insurance, technology, entertainment and hospitality. The study measured severity by number of affected individuals, with professional services and retail/hospitality services topping the list, and healthcare and government not too far behind.

This survey shows that “companies cannot eradicate security risk solely through the use of better technology,” the report authors said. Technical security solutions do not stop employees from being phished, nor do they prevent IT staff from failing to review logs or improperly configuring servers.

Developing stronger detection capabilities and shortening detection time are crucial to avoiding third-party breaches, financial consequences and public explanations. IT managers can use forensic data to break down what happened and limit the scope of damage. The report also suggests adding security training and awareness to policies and procedures, having an incident response plan ready and working with security consultants to conduct necessary assessments.

Take away: “Our analysis shows that best-in-class cyber risk management starts with awareness that breaches cannot be prevented entirely, so emphasis is increasingly on defense-in-depth, segmentation, rapid detection and containment, coupled with ongoing effort to monitor threat intelligence and adapt to changing risks,” said BakerHostetler's Craig Hoffman.

Get more: www.bakerlaw.com

About the Author

Amanda Ziadeh is a Reporter/Producer for GCN.

Prior to joining 1105 Media, Ziadeh was a contributing journalist for USA Today Travel's Experience Food and Wine site. She's also held a communications assistant position with the University of Maryland Office of the Comptroller, and has reported for the American Journalism Review, Capitol File Magazine and DC Magazine.

Ziadeh is a graduate of the University of Maryland where her emphasis was multimedia journalism and French studies.

Connect with her on Twitter: @aziadeh610.

