"Human error" contributes to nearly all cyber incidents, study finds

A new IBM report reveals that organizations experienced more than 91 million "security events" last year.

Even though organizations may have all of the bells and whistles needed in their data security arsenal, it's the human element that continues to fuel cyber incidents, according to one recent study.

The “IBM Security Services 2014 Cyber Security Intelligence Index,” a report that includes cyber security data on close to 1,000 of IBM Security Services' clients located in 133 countries, indicates that “human error” is involved in more than 95 percent of the security incidents investigated in 2013.

The most prevalent form involves clicking on a malicious link found in a phishing message, while other forms include system misconfiguration, poor patch management, the use of default usernames and passwords – or using poor passwords – as well as lost laptops or mobile devices, according to the report.

“Protecting yourself or a company from a phishing attack is obviously not an easy task,” Nick Bradley, practice lead for the Threat Research Group at IBM, told SCMagazine.com in a Monday email correspondence. “If it were, phishing would not be as successful as it is. User education is a powerful tool…teach your employees that they should not provide personal information to unfamiliar requesters.”

The data examined by researchers belongs to organizations that have between 1,000 and 5,000 employees, and an average of 500 security devices deployed within their network.

Of the information collected on these enterprises, experts determined that the average organization experienced more than 91 million “security events” in 2013 – meaning a security device or application detected the event on the network – an increase of 12 percent from 2012.

Although there was a jump in the number of security events, those classified as “attacks,” which researchers define as malicious activity that attempts to “collect, disrupt…or destroy” resources within the network, dropped to an average of 16,900 attacks this year, compared to the 73,000 per organization in 2012.

According to the report, this is a result of evolved threat intelligence when analyzing the security events.
