Human error is the leading cause of data breaches, a new report reiterates, so early detection should be IT managers' top priority.
What: The BakerHostetler Data Security Incident Response Report.
Why: Thirty-six percent of data security incidents handled last year by the BakerHostetler law firm were due to employee negligence, making it the leading cause of security incidents. According to the firm's newly released report, other causes were outsider and insider theft, malware and phishing attacks.
While no industry is immune from security threats, the healthcare sector appears to be taking the hardest hit, though that may be attributable to the industry’s data breach notification requirements. Other affected sectors include education, financial services, retail, insurance, technology, entertainment and hospitality. The study measured severity by number of affected individuals, with professional services and retail/hospitality services topping the list, and healthcare and government not too far behind.
This survey shows that “companies cannot eradicate security risk solely through the use of better technology,” the report authors said. Technical security solutions do not stop employees from being phished, nor prevent IT staff from failing to review logs or improperly configuring servers.
Developing stronger detection capabilities and shortening detection time is crucial to avoiding third-party breaches, financial consequences and public explanations. IT managers can use forensic data to break down what happened and limit the scope of damage. The report also suggests implementing security training and awareness to policies and procedures, having an incident response plan ready and working with security consultants to conduct necessary assessments.
Take away: “Our analysis shows that best-in-class cyber risk management starts with awareness that breaches cannot be prevented entirely, so emphasis is increasingly on defense-in-depth, segmentation, rapid detection and containment, coupled with ongoing effort to monitor threat intelligence and adapt to changing risks,” said BakerHostetler's Craig Hoffman.
Get more: www.bakerlaw.com
NEXT STORY: Cyber tools that maximize ROI (maybe)