
Even the world's most secure systems can be compromised, thanks to user nincompoopery

Every year Deloitte releases an in-depth study on the state of IT security. And every year it returns with the same predictable result. Systems are most vulnerable not necessarily due to clever attacks or weaker-than-necessary defenses, but rather due to the carelessness of their users.

Adel Melek, global leader of security and privacy services at Deloitte Touche Tohmatsu, notes, "People continue to be an organization's greatest asset as well as its greatest worry. That has not changed from 2007. What has changed is the environment. The economic meltdown was not at its peak when respondents took this survey. If there was ever an environment more likely to facilitate an organization's people being distracted, nervous, fearful, or disgruntled, this is it. To state that security vigilance is even more important at a time like this is an understatement."

While much of the study falls into the realm of the painfully obvious (such as that robots are unlikely to replace humans in security in our lifetimes), it does raise some interesting points. The obvious solution to the problem -- denial of access -- just doesn't work, it states. The result is that productivity necessitates connectivity, raising security dangers. The report states, "Human error is overwhelmingly stated as the greatest weakness this year (86%), followed by technology (a distant 63%)."

Social networking and new technologies are cited as critical threats to security. The good news, according to a separate research firm, Identity Theft Resource Center, is that data breaches due to human error declined slightly in 2008. Still, such breaches encompass 35.2 percent of the cases studied which had a reported cause.

Deloitte's Global Security Survey showed more positive signs as well. External breaches arising from viruses and worms dropped from affecting 43 percent of respondents in 2007 to 15 percent in 2008. Email attacks likewise fell from 57 percent to 24 percent. Phishing attacks also fell greatly, down to 7 percent from 38 percent the previous year.

Of the respondents, 80 percent reported being on the receiving end of an external attack which succeeded in breaching their systems.  And 70 percent reported internal attacks breaching their systems.  The biggest cause for internal breaches was found to be viruses and worms, which hit the systems of 11 percent of respondents.

The study states that the industry, while successful in greatly cutting email and phishing attacks, is having trouble stamping them out entirely.  This is due largely to their diverse nature.  Still, the study states that firms are getting better prepared to prevent repeated attacks from viruses or worms.

As to the threats posed by user error, recent studies have shown that many users will click on windows that are obviously malware-loaded, in a misguided effort to make them disappear.  These studies and others show that you can build an imposing castle, but it can't protect you from people inside it opening the gate.

Comments

By Steve1981 on 2/5/2009 2:42:22 PM , Rating: 5
There's a newsflash...

RE: Duh...
By acase on 2/5/2009 2:45:33 PM , Rating: 5
Yah, did we really need the Toilet Douche Tomato to tell us that?

RE: Duh...
By Screwballl on 2/5/2009 3:20:55 PM , Rating: 3

When I saw that name I thought the exact same thing... toilet douche tomato? Sounds like marketing for an unpleasant female upkeep item... what does this have to do with human security? unless....

RE: Duh...
By Pandamonium on 2/6/2009 12:33:07 AM , Rating: 2
D&T is one of the largest audit/consulting firms out there...

RE: Duh...
By Bender 123 on 2/5/2009 2:51:25 PM , Rating: 3
Next study at the department of Duh is:

What is more to blame for computer problems in the home? Hardware faults or PEBKAC?

RE: Duh...
By True Strike on 2/5/2009 2:53:34 PM , Rating: 4
This seems obvious, I am amazed every day at how little sense users have with computer systems in general, let alone data security.

My favorite example: (warning, there is a little crude language)

Password = "the letter 'a'"

RE: Duh...
By TomZ on 2/5/2009 3:13:57 PM , Rating: 2
Wow - that is funny - I almost hurt myself laughing!

RE: Duh...
By Steve1981 on 2/5/2009 3:18:40 PM , Rating: 2
That is one of my personal favorites...

RE: Duh...
By Etsp on 2/5/2009 4:59:13 PM , Rating: 2
"You can't arrange icons by penis." LOL

RE: Duh...
By Hydrofirex on 2/5/2009 5:32:51 PM , Rating: 2
Truly, one of the best one-liners ever!

On an aside, has anyone heard if they are adding arrange by penis to windows 7?


RE: Duh...
By JediSmurf on 2/5/2009 7:16:56 PM , Rating: 2
That was awesome. "The website was at the tip of the penis!"

RE: Duh...
By rudolphna on 2/5/2009 10:24:40 PM , Rating: 2
That was freakin awesome lol I love that. You can't arrange by penis.... lol

RE: Duh...
By SiliconAddict on 2/6/2009 12:17:12 AM , Rating: 2
*dies laughing* You can't arrange them by penis! *falls off his chair*

RE: Duh...
By BruceLeet on 2/6/2009 1:00:52 PM , Rating: 2
That was hilarious, I've just sent it to all two people who would 'get it'.

RE: Duh...
By AlexWade on 2/5/2009 3:01:32 PM , Rating: 2
How much did this study cost? I would have told the exact same answer for half the price!
