Home > News > September 2003 > 25-Sep-2003

CompTIA survey suggests human error most likely cause of IT security breaches

A survey from the Computing Technology Industry Association (CompTIA) suggests IT training and skills certification are key factosr in ensuring greater network security.

The survey (Committing to Security: A CompTIA Analysis of IT Security and the Workforce) found human error - not technical malfunction - to be the most significant cause of IT security breaches in the public and private sectors.

"We think the results are pretty staggering," said Brian McCarthy, CompTIA's Chief Operating Officer. "Where agencies and companies have looked primarily to technology for network safety, in over 63 percent of identified security breaches, human error looks to be a major, underlying factor. Because our findings also show that security-related training and certification have been underutilized - with 80 percent of respondents saying that a lack of IT security knowledge, training or failure to follow security procedures were the root causes of human error - CompTIA believes that better training and certification of IT staffs will make our networks safer."

The CompTIA-commissioned study, conducted by NFO Prognostics, surveyed 638 respondents from the public and private sectors. Among other things, the survey assessed security breach frequency and common causes, security resources, responsibility and enforcement practices, investment in security and certification, and steps taken in response to government regulatory and legislative mandates.

Other survey findings:

- 31 percent had experienced from one-to-three "major security breaches" - i.e., that caused real harm, resulted in confidential information taken, or interrupted business -in the last six months

- 22 percent said none of their IT employees have received security-related training; 69 percent have fewer than 25 percent of their IT staffs security-trained; and only 11% said that all of their IT employees have received security training

- 96 percent would recommend security training for their IT staff

- 73 percent would recommend more comprehensive security certification for their IT staff

- 66 percent believe that staff training/certification have improved their IT security, primarily through increased awareness, as well as through proactive risk identification

- 59 percent said that government security regulations are largely inappropriate, failing to adequately address the practical side of the problem

"Frankly, we're surprised no one's picked up on this before," noted McCarthy. "The connection between having more IT security training and making our IT networks more secure seems so obvious, yet it's been largely overlooked. It's just common sense. If the public and private sectors better train and certify their IT professionals, we'll be safer from malicious cyber threats."

Related links on this site

CompTIA Security+

Related information

For related news, case studies, articles and research, visit our
IT training home page

Training and development books

Discover books on a variety of training and development topics at the Training Reference Bookshop

Source suppliers

Visit the Training Reference Directory to view supplier details for a wide range of courses, products and services.

Sponsored links

Back to top