Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


INTERNAL SNAFUS CAUSE OF MOST BREACHES, STUDY SAYS

Source: ComputerWorld

Posted on March 20, 2007

      This year, more than 72 million records containing Social Security and credit card numbers, birth dates and other personal data will be exposed to unauthorized users in the U.S., according to a study by researchers at the University of Washington in Seattle.

      And, the researchers said, the main culprit isn't the oft-vilified malicious hacker. Instead, they blamed snafus inside companies as the biggest cause of data breaches.

      That conclusion was based on a review of 550 security breaches that were reported in major U.S. news outlets between 1980 and last year. The goal was to examine the role that organizational behavior plays in privacy violations.

      The study found that 61% of the incidents involved internal foul-ups, such as accidentally putting personal information online or losing track of backup tapes and other equipment.

      In contrast, 31% of the breaches were perpetrated by external hackers, said Philip Howard, an assistant professor of communication at the University of Washington and a co-author of the report. The remainder of the breaches had unspecified causes, he added.

      The university study is reinforced by similar findings from other researchers. For instance, a report released last week by the IT Policy Compliance Group said that human error is the overwhelming cause of losses of sensitive data contributing to 75% of all occurrences, compared with 20% for malicious hacking activity. Similarly, in an electronic poll of attendees at Computerworld's Premier 100 IT Leaders Conference this month, the 161 respondents pointed to "activities by internal staffers," "ineffective policies" and "sloppy mobile workers" as the biggest sources of security breaches. Only 11% of the respondents fingered external hackers as the leading cause of breaches at their organizations.

      Even in cases that were publicly blamed on hackers, the reality can be more nuanced, Howard said.

      One example was the huge data breach at Acxiom Corp. in 2003, when a hacker who was later caught stole 1.6 billion customer records. He was able to get at the data largely because of Acxiom's failure to establish proper access controls, Howard said.

      Tom Lindblom, chief technology officer at Carpinteria, Calif.-based CKE Restaurants Inc., which owns fast-food chains such as Hardee's and Carl's Jr., said he thinks businesses are getting savvier about implementing internal controls that can mitigate the kinds of organizational problems highlighted by the University of Washington study. That's being driven partly by increased audit and regulatory requirements, he said.

      As a result, Lindblom noted, it's hard to pinpoint whether hackers or internal problems pose the greater security risk at this point.

      "I don't think it's a case of one or the other," he said, adding that it's important to address both types of threats in risk management planning.

      "Certainly, we find that data breaches are often the result of negligence," said Avivah Litan, an analyst at Gartner Inc.

      Examples cited by Litan include not changing passwords or using weak passwords, along with a tendency on the part of individual users to leave log files or sensitive data lying around unprotected.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.