AIA

‘Inadvertent incidents’ cause most IT lapses

by
26th Aug 2009

IDC identifies the biggest threat to IT systems and it’s not the faceless shadow of hackers. Jon Wilcox reports.

The greatest threat to a company’s IT systems comes from internal incidents, and not malicious external forces, according to a new report from analysts at IDC. IDC found that just over half of the 400 respondent organisations believed IT violations were accidental, though 19% believed such occurrences were deliberate.

The findings were published in a report called “Insider Risk Management: A Framework Approach to Internal Security”.

According to the report, respondents recorded an average of 14.4 incidents of “unintentional data loss through employee negligence” in the past 12 months, adding, “Our research found that contractors and temporary staff represent the greatest insider risk to organizations, followed by technical staff and IT administrators.”

Despite the recession, almost 40% of participants in the study plan to increase spending on internal security in the coming year. This compares very favourably with those planning to decrease spending (6%).

“In light of the current economy and the fact that many organisations are slashing IT budgets across the board, this is clear evidence that internal security risks are a top priority,” says the report. “The growth in the number of internal security breaches is forcing organizations to increase spending to combat these incidents.”

The report includes a multi-point plan of action that it recommends organisations undertake, including a risk assessment to understand the scope of the problem; an annual review of the company’s information security policy; employee education on policy changes; and an assessment of whether high-risk data is secure.
 


Replies (4)

By lpwcs
02nd Sep 2009 13:11

"Inadvertant" is completely the wrong word...

In my experience, almost every "inadvertant" incident is traceable to a badly-managed or poorly constructed and untested change to a working system. Accidents don't happen in IT, they are caused.

By User deleted
02nd Sep 2009 14:03

'Inadvertant' the wrong word?
No, actually it's only wrong by one letter.

Seriously though, I agree with the view that systems need to be designed so that numpties like me CAN'T b*lls them up. But surely you can never stop every possible mistake, such as the famous Mizuho error.

(On 8 December 2005 an employee of Tokyo stock traders Mizuho mistyped an order to sell 1 share for 610,000 yen as an order to sell 610,000 shares for 1 yen. Neither Mizuho nor the TSE system detected or rectified the error, and arguments continue over liability for the net loss of US$ 300 million plus)

By Jason Cobine
03rd Sep 2009 08:53

Data and insurance

Hi,

Accidents and outages do happen and not every risk can be foreseen or avoided. Not all insurance policies cover reinstatement of data and some of them will not provide cover unless the data has been backed up every 24 hours and you can prove it. Get the back up regime right, test the back up works and then check your insurance policy exclusions so you know what areas are not covered. Then you can pay particular attention to them.

http://www.cobinecarmelson.com/what-is-cyber-insurance/

Take care,

 

Jason

By bscunliffe
19th Oct 2009 10:34

Data Recovery

Even the best systems and back-up routines can fail, even sophisticated RAID systems. My client abc Data Recovery recently pulled BAE Systems out of a hole when a 15 disc RAID server went down, great systems and a full RAID back up but still failed. Human intervention can be managed but hardware failure is more widespread than the manufacturers would like us to think.
