A new survey from the Computing Technology Industry Association indicates
that human error, rather than technology is at the root of most information
technology security breaches.
The survey entitled “Committing to Security: A CompTIA Analysis of IT
Security and the Workforce,” says that more training and certification is
needed, if IT workers, their companies and government agencies are to be
better equipped to handle violations of computer security.
The survey found that in more than 63 percent of IT security breaches that
human error played a role. The survey also found that of those questioned
only 8 percent said that security problems were the result of technological
failures.
CompTIA is a trade association that offers technology certifications, so
it’s no surprise that it was quick to point out that the findings of the
study that point to the need for improved security training and
certification of IT workers.
“We define a security breach as one that caused real harm, resulted in
confidential information taken, or interrupted business,” says Mike Wendy,
policy counsel for CompTIA.
“We are seeing very little of the IT budget being spent on security and an
even smaller subset being dedicated to resources on IT security training,
certification and awareness,” Wendy said.
NFO Prognostics conducted the survey during the fourth quarter of 2002 for
the CompTIA, which questioned 638 information technology workers in both the
private and public sectors.
The survey found that thirty-one percent of the IT workers were aware of
between one to three major security breaches in the past six months. While
another four percent said had between four and nine security breaches
happened over the same period of time, while another three percent said they
had ten or more security breaches in the past six months.
The survey also found twenty-two percent said none of their IT workers had
recently received technology security training. The survey went onto say 69
percent have had fewer than 25 percent of their tech staffs trained to
protect against security breaches, while only 11 percent said all of their
IT workers have had proper security training.
The survey also found that ninety-six percent of the respondents thought it
would be a good idea for their IT staffs to receive more security training.
Seventy-three percent of the IT workers surveys said they would recommend
comprehensive security certifications.