Been Hacked? Human, System Errors Probably to Blame

There's a tendency to blame hackers for security breaches resulting in critical data being compromised. However, a new study finds that, in many cases, human negligence and system problems are also to blame.

Recently, security firm Symantec and the Ponemon Institute carried out a study investigating the causes of serious data breaches.

The findings were quite astounding: in more than one in three cases human error or negligence was to blame for a hack. Another 29 per cent of breaches were the result of system malfunctions.

Human Error, System Fails to Blame for Data Breaches

This means that, together, human error and system glitches account for 64 per cent of all data breaches. (Source: pcworld.com)

That said, at 37 per cent malicious attacks continue to represent the single highest cause of security breaches.

It's worth noting that the statistics varied widely depending on the country in question. In the vast majority of Brazilian cases where data is compromised (77 per cent), human error and system failures are to blame.

Meanwhile, in Germany there's almost a fifty-fifty split between malicious attack and human error / system failure.

Data Breaches Not About "Bad People"

Larry Ponemon, founder and chairman at the Ponemon Institute, says this indicates that, generally speaking, "data breaches normally aren't about bad people." (Source: pcworld.com)

In fact, it's "normally about good people making mistakes or business processes that fail," Ponemon said.

According to cybersecurity expert Timothy Zeilman, a key part of the hacking process involves taking advantage of human mistakes. "There are a number of ways that cyber attacks can be orchestrated," Zeilman said.

"But one of the common ways to do it is to take advantage of some weakness in human nature by getting someone to open an email or do something they shouldn't do if they were mindful of computer security at all times."

The key to changing this trend: educating people about what constitutes a serious security threat and using encryption technology to make all critical data difficult for hackers to access.

The cost of failure is high: on average, it costs a firm more than $5 million to recover from a serious data breach. (Source: informationweek.com)