"Human error" contributes to nearly all cyber incidents, study finds

Share this article:
Top browsers exploited in first day of Pwn2Own
A new IBM report reveals that organizations experienced more than 91 million "security events" last year.

Even though organizations may have all of the bells and whistles needed in their data security arsenal, it's the human element that continues to fuel cyber incidents occurring, according to one recent study.

The “IBM Security Services 2014 Cyber Security Intelligence Index,” a report that includes cyber security data on close to 1,000 of IBM Security Services' clients located in 133 countries, indicates that “human error” is involved in more than 95 percent of the security incidents investigated in 2013.

The most prevalent form involves clicking on a malicious link found in a phishing message, while other forms include system misconfiguration, poor patch management, the use of default usernames and passwords – or using poor passwords – as well as lost laptops or mobile devices, according to the report.

“Protecting yourself or a company from a phishing attack is obviously not an easy task,” Nick Bradley, practice lead for the Threat Research Group at IBM, told SCMagazine.com in a Monday email correspondence. “If it were, phishing would not be as successful as it is. User education is a powerful tool…teach your employees that they should not provide personal information to unfamiliar requesters.”

The data examined by researchers belongs to organizations that have between 1,000 and 5,000 employees, and an average of 500 security devices deployed within their network.

Of the information collected on these enterprises, experts determined that the average organization experienced more than 91 million “security events” in 2013 – meaning a security device or application detected the event on the network – an increase of 12 percent from 2012.

Although there was a jump in the number of security events, those classified as “attacks,” which researchers define as malicious activity that attempts to “collect, disrupt…or destroy” resources within the network, dropped to an average of 16,900 attacks this year, compared to the 73,000 per organization in 2012.

According to the report, this is a result of evolved threat intelligence when analyzing the security events.

Page 1 of 2
Share this article:

Sign up to our newsletters

More in News

DDoS attacks remain up, stronger in Q2, report says

DDoS attacks remain up, stronger in Q2, report ...

Prolexic's second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.

Superman soars above fellow superheroes as most toxic search term

A McAfee study found that searches pertaining to Superman exposed users to the most infected websites.

Black Hat talk on Tor weaknesses canceled

Black Hat organizers say legal counsel for the Software Engineering Institute and Carnegie Mellon University nixed the session.