Network Security

“Human error” contributes to nearly all cyber incidents, study finds

Even though organizations may have all of the bells and whistles needed in their data security arsenal, it's the human element that continues to fuel cyber incidents occurring, according to one recent study.

The “IBM Security Services 2014 Cyber Security Intelligence Index,” a report that includes cyber security data on close to 1,000 of IBM Security Services' clients located in 133 countries, indicates that “human error” is involved in more than 95 percent of the security incidents investigated in 2013.

The most prevalent form involves clicking on a malicious link found in a phishing message, while other forms include system misconfiguration, poor patch management, the use of default usernames and passwords – or using poor passwords – as well as lost laptops or mobile devices, according to the report.

“Protecting yourself or a company from a phishing attack is obviously not an easy task,” Nick Bradley, practice lead for the Threat Research Group at IBM, told SCMagazine.com in a Monday email correspondence. “If it were, phishing would not be as successful as it is. User education is a powerful tool…teach your employees that they should not provide personal information to unfamiliar requesters.”

The data examined by researchers belongs to organizations that have between 1,000 and 5,000 employees, and an average of 500 security devices deployed within their network.

Of the information collected on these enterprises, experts determined that the average organization experienced more than 91 million “security events” in 2013 – meaning a security device or application detected the event on the network – an increase of 12 percent from 2012.

Although there was a jump in the number of security events, those classified as “attacks,” which researchers define as malicious activity that attempts to “collect, disrupt…or destroy” resources within the network, dropped to an average of 16,900 attacks this year, compared to the 73,000 per organization in 2012.

According to the report, this is a result of evolved threat intelligence when analyzing the security events.

Of those same attacks experienced by enterprises, an average of 109 are classified as actual “incidents,” which prompted security analysts to give them a closer look. These increased from 90 in 2012.

“Many factors have contributed to this increase: detection capabilities and increased availability of mobile technology are two examples,” Bradley said. “As the world's internet footprint grows, so will the potential for attacks.”

In addition to the number of threats organizations faced, the study sheds light on what attackers prefer in their cyber armory.

Leading the way is malicious code including trojans, keyloggers and droppers, which were involved in 38 percent of the security incidents, followed by sustained probes or scans, which the study describes as “reconnaissance activity usually designed to gather information about the targeted systems.”

Bradley believes that while the world continues to produce new technology, keeping up with the security that should be incorporated proves to be a problem.

“The world is struggling to keep up with its own progress,” Bradley said. “I am more than willing to believe that there are attacks and compromises taking place that go undetected on a daily basis simply due to the challenge of keeping up.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.