Hacking Surpassing Human Error For Data Breaches?

from the is-that-good-or-bad? dept

A couple of years ago, we noted that the old claim that “insiders” were the biggest data breach threat was no longer true, as other threats were becoming a much bigger deal. While that study seemed to use very different methodology, a new study is out that agrees that insiders are a much smaller threat, but notes that outside hacking surpassed “human error” as the cause of data breaches in 2009. While it’s good that human error issues are decreasing as a percentage, is it worrisome that outside hack attacks are now becoming such a major problem? The good news in the data is that there were supposedly fewer reported attacks in 2009 (by a pretty large amount) compared to 2008 — so one possible reading of the data is that people have been effective in preventing things like human error breaches much more often, which is what allowed outside hack attacks to take the lead on a percentage basis. However, with recent stories of things like China’s hack attack on Google, it seems like we’ll be hearing more and more stories about these sorts of attacks for one important reason: in many (certainly not all) cases, they can be quite effective.



Comments on “Hacking Surpassing Human Error For Data Breaches?”

Falvour says:

Straw man?

“Insiders” != “human error”, and it’s pretty disingenuous to act as though those are equivalent. Take the TJX data breach, for example — insider info could have been used, and that’s no “human error”.

Retail stores know very well that their own employees are the greatest security risk for shoplifting or malfeasance, and a survey last year apparently indicated that a fair number of IT pros will grab confidential data on the way out of the company, even if they don’t use it. Didn’t anybody here read Halting State?

Anonymous Coward says:

Re: Re: Straw man?

Only if you consider a catastrophic failure to implement and follow known (and incessantly repeated by data security folks) best practices a human error. And I mean that’s crazy talk. Or maybe if you consider a tight focus on passing a security systems audit that you know about in advance and that only happens once a year–while ignoring it the rest of the year–to be a human error. Most likely, though, it’s just a stunning coincidence that the data crime attacks become more sophisticated as the defenses fall out of use. Right?

Chargone (profile) says:

you know, I’m always wary of claims that ‘reports of X have reduced’ is a good thing. while it can represent that the issues have reduced, and thus the problem is being solved, it can also very often mean that the people who would report things have so lost faith in the system that they no longer see it as worth the effort (that’s happened here with a lot of lesser crimes. people just don’t bother reporting them much.) alternatively, for many businesses it’s in their interest to appear more secure than they actually are, so they may simply under report such.

of course, there’s no Other way to know how much of such a thing is happening, i suppose, but the automatic assumption that less reports = less issues isn’t always the right one.

‘course, this may be simple paranoia speaking. hehe.

Simon says:

Insider Attacks

Keep in mind that insider attacks are often quietly dealt with to avoid embarrassment to all parties. If some rogue employee is found lifting data, then it may be mutually agreeable for that person to leave the company. That way the company doesn’t have to deal with admitting to their customers that there was (and still is) a risk to their digital assets, and the employee has an improved chance of finding another job or maybe even avoiding a criminal prosecution.

Janice Taylor Gaines (profile) says:

Most Orgs and Individuals Enjoy "Security" as a Matter of Luck

I’d be curious to know if anyone else here is reading “I.T. WARS”? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors – as well as system failures. Even when considering hacking; it can only happen due to poor systems and security design, or poor practice within the org. The book has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google “IT WARS” – check out a couple links down and read the interview with the author David Scott. (Full title is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium”).
