"Human error" contributes to nearly all cyber incidents, study finds

A new IBM report reveals that organizations experienced more than 91 million "security events" last year.

Even though organizations may have all of the bells and whistles needed in their data security arsenal, it's the human element that continues to fuel cyber incidents, according to one recent study.

The “IBM Security Services 2014 Cyber Security Intelligence Index,” a report that includes cyber security data on close to 1,000 of IBM Security Services' clients located in 133 countries, indicates that “human error” is involved in more than 95 percent of the security incidents investigated in 2013.

The most prevalent form involves clicking on a malicious link found in a phishing message, while other forms include system misconfiguration, poor patch management, the use of default usernames and passwords – or using poor passwords – as well as lost laptops or mobile devices, according to the report.

“Protecting yourself or a company from a phishing attack is obviously not an easy task,” Nick Bradley, practice lead for the Threat Research Group at IBM, told SCMagazine.com in a Monday email correspondence. “If it were, phishing would not be as successful as it is. User education is a powerful tool…teach your employees that they should not provide personal information to unfamiliar requesters.”

The data examined by researchers belongs to organizations that have between 1,000 and 5,000 employees, and an average of 500 security devices deployed within their network.

Of the information collected on these enterprises, experts determined that the average organization experienced more than 91 million “security events” in 2013 – meaning a security device or application detected the event on the network – an increase of 12 percent from 2012.

Although there was a jump in the number of security events, those classified as “attacks,” which researchers define as malicious activity that attempts to “collect, disrupt…or destroy” resources within the network, dropped to an average of 16,900 attacks this year, compared to the 73,000 per organization in 2012.

According to the report, this is a result of evolved threat intelligence when analyzing the security events.
