BreachExchange mailing list archives
Stupid humans and their EXPENSIVE DATA BREACHES
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 5 Dec 2014 20:53:42 -0700
http://www.theregister.co.uk/2014/12/05/stupid_humans_and_their_data_breaches/

UK data breaches are increasingly being traced back to human error, despite the growing emphasis on data protection. A Freedom of Information (FOI) request to data privacy watchdogs at the Information Commissioner’s Office (ICO) revealed that a quarter of reported data breaches during the first three months of 2014 were caused by the accidental loss or destruction of personal data. These figures are up from 15 per cent for the second half of 2013, according to encryption services provider Egress Software Technologies.

Many of these breaches (43 per cent) involved confidential information being disclosed in error, primarily through emailing, faxing or posting data to an incorrect recipient. Only seven per cent of breaches for the period occurred as a result of technical failings. The remaining 93 per cent were down to human error, poor processes and systems in place, and lack of care when handling data.

"To date no fines have been levied due to technical failings exposing confidential data, whereas a total £5.1m in fines has been issued for mistakes made when handling sensitive information," according to Egress.

Healthcare organisations top the list of most data breaches with 183 in 2014, doubling from 91 breaches in 2013. The number of data breaches in insurance and among lenders both tripled in 2014 compared with last year. Telecoms (150 per cent) and recruitment (300 per cent) also experienced big increases.

Since 2010, the total number of fines issued by the ICO for violations to the Data Protection Act amounts to than £6.7m. Public sector organisations make up the lion's share (£4.5m) of these fines.

Egress provides a range of encryption services for secure data transfer, offering on-demand security for organisations and individuals sharing confidential information electronically, according to online sources.

"It is concerning that such a high number of data breaches occur as a result of human error and poor processes, let alone the fact that this figure is actually rising," said Egress Software chief exec Tony Pepper. "Of course, we will never be able to completely rule out people making mistakes, but clearly safeguards are urgently needed."

"What these statistics demonstrate is that training alone is not the answer," according to Pepper, who argued that encryption technologies and other technical controls offer a more effective means to guard against data breaches than trying to coach staff into following data handling guidelines.