BreachExchange mailing list archives

Stupid humans and their EXPENSIVE DATA BREACHES


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 5 Dec 2014 20:53:42 -0700

http://www.theregister.co.uk/2014/12/05/stupid_humans_and_their_data_breaches/


UK data breaches are increasingly being traced back to human error, despite
the growing emphasis on data protection.

A Freedom of Information (FOI) request to data privacy watchdogs at the
Information Commissioner’s Office (ICO) revealed that a quarter of reported
data breaches during the first three months of 2014 were caused by the
accidental loss or destruction of personal data.

These figures are up from 15 per cent for the second half of 2013,
according to encryption services provider Egress Software Technologies.

Many of these breaches (43 per cent) involved confidential information
being disclosed in error, primarily through emailing, faxing or posting
data to an incorrect recipient.

Only seven per cent of breaches for the period occurred as a result of
technical failings. The remaining 93 per cent were down to human error,
poor processes and systems in place, and lack of care when handling data.

"To date no fines have been levied due to technical failings exposing
confidential data, whereas a total £5.1m in fines has been issued for
mistakes made when handling sensitive information," according to Egress.

Healthcare organisations top the list of most data breaches with 183 in
2014, doubling from 91 breaches in 2013. The number of data breaches in
insurance and among lenders both tripled in 2014 compared with last year.
Telecoms (150 per cent) and recruitment (300 per cent) also experienced big
increases.

Since 2010, the total number of fines issued by the ICO for violations to
the Data Protection Act amounts to than £6.7m. Public sector organisations
make up the lion's share (£4.5m) of these fines.

Egress provides a range of encryption services for secure data transfer,
offering on-demand security for organisations and individuals sharing
confidential information electronically, according to online sources.

"It is concerning that such a high number of data breaches occur as a
result of human error and poor processes, let alone the fact that this
figure is actually rising," said Egress Software chief exec Tony Pepper.
"Of course, we will never be able to completely rule out people making
mistakes, but clearly safeguards are urgently needed."

“What these statistics demonstrate is that training alone is not the
answer,” according to Pepper, who argued that encryption technologies and
other technical controls offer a more effective means to guard against data
breaches than trying to coach staff into following data handling
guidelines.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/