Print 42 comment(s) - last by MattCoz.. on Feb 7 at 1:34 PM

Even the world's most secure systems can be compromised, thanks to user nincompoopery

Every year Deloitte releases an in-depth study on the state of IT security.  And every year it returns with the same predictable result.  Systems are most vulnerable not necessarily due to clever attacks or weaker than necessary defenses, but rather due to the carelessness of their users.

Adel Melek, global leader of security and privacy services at Deloitte Touche Tohmatsu notes, "People continue to be an organization's greatest asset as well as its greatest worry.  That has not changed from 2007. What has changed is the environment. The economic meltdown was not at its peak when respondents took this survey. If there was ever an environment more likely to facilitate an organization's people being distracted, nervous, fearful, or disgruntled, this is it. To state that security vigilance is even more important at a time like this is an understatement."

While much of the study falls into the realm of the painfully obvious (such as that robots are unlikely to replace humans in security in our lifetimes) it does raise some interesting points.  The obvious solution to the problem -- denial of access -- just doesn't work, it states.  The result is that productivity necessitates connectivity, raising security dangers.  The report states, "
Human error is overwhelmingly stated as the greatest weakness this year (86%), followed by technology (a distant 63%)."

Social networking and new technologies are cited as critical threats to security.  The good news, according to a separate research firm,
Identity Theft Resource Center, is that data breaches due to human error declined slightly in 2008.  Still, such breaches encompass 35.2 percent of the cases studied which had a reported cause.

In Deloitte's Global Security Survey, it showed more positive signs as well.  External breaches arising from viruses and worms dropped from affecting 43 percent of respondents in 2007 to 15 percent in 2008.  Email attacks likewise fell from 57 percent to 24 percent.  Phishing attacks also fell greatly, down to 7 percent from 38 percent the previous year.

Of the respondents, 80 percent reported being on the receiving end of an external attack which succeeded in breaching their systems.  And 70 percent reported internal attacks breaching their systems.  The biggest cause for internal breaches was found to be viruses and worms, which hit the systems of 11 percent of respondents.

The study states that the industry, while successful in greatly cutting email and phishing attacks, is having trouble stamping them out entirely.  This is due largely to their diverse nature.  Still, the study states that firms are getting better prepared to prevent repeated attacks from viruses or worms.

As to the threats posed by user error, recent studies have shown that many users will click on windows that are obviously malware-loaded, in a misguided effort to make them disappear.  These studies and others show that you can build an imposing castle, but it can't protect you from people inside it opening the gate.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Steve1981 on 2/5/2009 2:42:22 PM , Rating: 5
There's a newsflash...

RE: Duh...
By acase on 2/5/2009 2:45:33 PM , Rating: 5
Yah, did we really need the Toilet Douche Tomato to tell us that?

RE: Duh...
By Screwballl on 2/5/2009 3:20:55 PM , Rating: 3

When I saw that name I thought the exact same thing... toilet douche tomato? Sounds like marketing for an unpleasant female upkeep item... what does this have to do with human security? unless....

RE: Duh...
By Pandamonium on 2/6/2009 12:33:07 AM , Rating: 2
D&T is one of the largest audit/consulting firms out there...

RE: Duh...
By Borkil on 2/5/09, Rating: -1
RE: Duh...
By jadeskye on 2/5/09, Rating: 0
RE: Duh...
By afkrotch on 2/5/2009 3:06:32 PM , Rating: 1

RE: Duh...
By Cuddlez on 2/5/2009 7:48:11 PM , Rating: 2

RE: Duh...
By Bender 123 on 2/5/2009 2:51:25 PM , Rating: 3
Next study at the department of Duh is:

What is more to blame for computer problems in the home? Hardware faults or PEBKAC?

RE: Duh...
By True Strike on 2/5/2009 2:53:34 PM , Rating: 4
This seems obvious, I am amazed everyday at how little sense users have with computer systems in general, let alone data security.

My favorite example: (warning, there is a little crude language)

Password = "the letter 'a'"

RE: Duh...
By TomZ on 2/5/2009 3:13:57 PM , Rating: 2
Wow - that is funny - I almost hurt myself laughing!

RE: Duh...
By Steve1981 on 2/5/2009 3:18:40 PM , Rating: 2
That is one of my personal favorites...

RE: Duh...
By Etsp on 2/5/2009 4:59:13 PM , Rating: 2
"You can't arrange icons by penis." LOL

RE: Duh...
By Hydrofirex on 2/5/2009 5:32:51 PM , Rating: 2
Truly, one of the best one-liners ever!

On an aside, has anyone heard if they are adding arrange by penis to windows 7?


RE: Duh...
By JediSmurf on 2/5/2009 7:16:56 PM , Rating: 2
That was awesome. "The website was at the tip of the penis!"

RE: Duh...
By rudolphna on 2/5/2009 10:24:40 PM , Rating: 2
that was freakin awesome lol I love that. You cant arrange by penis.... lol

RE: Duh...
By SiliconAddict on 2/6/2009 12:17:12 AM , Rating: 2
*dies laughing* You can't arrange them by penis! *falls off his chair*

RE: Duh...
By BruceLeet on 2/6/2009 1:00:52 PM , Rating: 2
That was hilarious, Ive just sent it to all two people who would 'get it'

RE: Duh...
By AlexWade on 2/5/2009 3:01:32 PM , Rating: 2
How much did this study cost? I would have told the exact same answer for half the price!

why can't i get a job doing these surveys?
By RamarC on 2/5/2009 2:42:53 PM , Rating: 4
they must have worked long and hard on this survey to conclude "careless users cause the most security problems".

i guess next they'll tackle the age-old question of "do men like big-breasted women."

RE: why can't i get a job doing these surveys?
By gstrickler on 2/5/2009 2:57:47 PM , Rating: 2
Your question is too complicated. You should study "Do men like women?". Then, you can conclude:

Men like women, particularly women in the any of the following categories:
Big-breasted women
Medium-breasted women
Small-breasted women
Thin women
Athletic women
Petite women
Young women
Sexy women

That's a much more involved study so it will take longer and cost a lot more.

RE: why can't i get a job doing these surveys?
By RamarC on 2/5/2009 3:20:19 PM , Rating: 3
I'll volunteer to "participate" in that study.

But why'd you leave "big beautiful women" off your list. Big girls need lovin' too.

RE: why can't i get a job doing these surveys?
By gstrickler on 2/5/2009 3:23:14 PM , Rating: 2
It's an example list, not an exhaustive list.

RE: why can't i get a job doing these surveys?
By PrinceGaz on 2/5/2009 6:55:21 PM , Rating: 2
I should hope so, because the survey would need to have answers that allow for conclusions that some men like men either as well as women, or instead of women.

By Spuke on 2/5/2009 7:18:08 PM , Rating: 2
because the survey would need to have answers that allow for conclusions that some men like men either as well as women, or instead of women.
No it doesn't.

By MattCoz on 2/7/2009 1:34:49 PM , Rating: 3
...but they gotta pay.

RE: why can't i get a job doing these surveys?
By afkrotch on 2/5/2009 3:13:12 PM , Rating: 3
After 10 years and a $55 billion dollars in federal budget funds, there is finally a conclusion from the National Oceanic and Atmospheric Administration environmental study.

Water is wet.
If water gets on you, you in turn, become wet.

The Obama Administration plans to fund another $35 billion in the stimulus package to find out how this conclusion will affect US citizens.

RE: why can't i get a job doing these surveys?
By johnsonx on 2/5/2009 6:33:13 PM , Rating: 3
$35 billion sounds like pork... make it $350 billion, now THAT's stimulus!

RE: why can't i get a job doing these surveys?
By PogoThePrez on 2/5/2009 6:39:49 PM , Rating: 2
Can't do that cause they need that money to fund the study as to why the sun hurts your eyes.

By afkrotch on 2/5/2009 7:29:34 PM , Rating: 1
Or the "Effects of Pesticides on Insects."

Well if companies...
By Marlin1975 on 2/5/2009 2:52:41 PM , Rating: 2
would not require every program to use a different password with different requirments and also not allowed to use the last 10 passwords and so forth that would be a start.

I work Fed gov and I have 6 different things that require a password. I try to use a similar password to help remember them and the shortest password is 13 letters/Nums/Cap/etc... and the longest is 16. I know a lot of people that have theirs written down. Whcih defeats the whole purpose.

A 5 letter password is better then a 18 mixed one that is written down near the system.

RE: Well if companies...
By afkrotch on 2/5/2009 3:20:11 PM , Rating: 2
Guess you're not using a CAC yet. Not like it really matters to much for me.

I need a pin for the CAC to login. My admin account requires a 16 character password. Our servers also have an admin account password. Each server tends to have around another 5-10 accounts each with their own password. I have to remember 3 different pins. One to enter the bldg, one to enter the NIPR server room, and one to enter the SIPR server room. Also 2 SIPR accounts (normal and admin) each with their own 16 character passwords. The SIPR servers also have passwords.

We have a cold site with more servers and passwords. I have accounts at other military/federal/national website for my admin duties. It gets a whole lot of crazy when you're on the admin side of things.

I end up locking my account out for most everything, cept for standard CAC and NIPR admin account.

RE: Well if companies...
By PrinceGaz on 2/5/2009 7:00:27 PM , Rating: 1
Which is why you should either always carry the written down passwords with you in person, or have them on the computer all in a file protected by a single easily memorable password which only you know (such as "passwords"), so you can copy and paste them whenever needed. That way you maintain the highest possible security for all applications, without having to remember lots of long passwords yourself.

As Sarge would say...
By True Strike on 2/5/2009 3:06:15 PM , Rating: 4
Put that on a memo and entitle it, "Sh!t I Already Know"!

Hiring procedures?
By dflynchimp on 2/5/2009 3:37:21 PM , Rating: 2

This just in...
By Some1ne on 2/5/2009 5:23:18 PM , Rating: 2
A new study has revealed that water is wet, the sky is blue, and that mysterious force that pulls things down towards the ground is called "gravity"!

By rtrski on 2/5/2009 5:41:58 PM , Rating: 2
...I mean, reading the news, has ANYONE in Wash D.C. managed to pay all their taxes? Give me a break.

(yes, this is almost completely OT. Also intended to be quite tongue-in-cheek. Is anyone surprised that human error is the biggest source of failure in ANYTHING? Engineering, practice of medicine or law, security, outcome of battles in war, relationships....)

By FaceMaster on 2/6/2009 6:48:33 AM , Rating: 2
Any sensible person on youtube will understand that, considering the standards of youtube users.

By rburnham on 2/6/2009 10:37:34 AM , Rating: 2
Human error? HAHAHHAHAHA.... stupid humans.

Holy #*#*.
By icanhascpu on 2/6/2009 2:38:33 PM , Rating: 2
That is all.

By astralsolace on 2/5/2009 4:40:43 PM , Rating: 1
In other news today, the National Science Foundation revealed in a $50 billion study that water is wet and snow is cold.

Scientists around the globe praised the NSF for their bravery on continuing on with such valuable research in the face of economic crisis.

Not for long
By DigitalFreak on 2/5/09, Rating: 0
"The whole principle [of censorship] is wrong. It's like demanding that grown men live on skim milk because the baby can't have steak." -- Robert Heinlein

Most Popular ArticlesSmartphone Screen Protectors – What To Look For
September 21, 2016, 9:33 AM
UN Meeting to Tackle Antimicrobial Resistance
September 21, 2016, 9:52 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Update: Problem-Free Galaxy Note7s CPSC Approved
September 22, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki