“While external threats from hackers remain in the headlines, it may be wise to see how you can minimize your risk from “internal” threats such as employee carelessness or apathy.”

Carelessness was the primary root cause of data breaches in 2014, according to a report released by IBM and the Ponemon Institute. A staggering 40% of breach incidents involved a negligent employee or contractor.

The root cause of 38% of incidents involved a malicious or criminal attack with 22% from glitches in the system, including a combination of both IT and business process failures.

Corporate smartphone and tablet users may circumvent corporate policy without even knowing what they are doing wrong in leveraging mobile devices for business purposes, which may lead to unsafe computing practices and putting the enterprise at greater risk for security vulnerabilities. With the proliferation of social media, people give out information every day – addresses, phone number, geo locations, likes and dislikes – without batting an eye.

Kevin McKerr, security sales leader for IBM South Africa, points out that educating people effectively to help them recognize threats and adjust their behavior accordingly is still key to fighting the fight against cybercrime. “Think of criminals who used to watch your home for the most opportune time to break in, now equate that to someone happily gathering information about you until they have enough to exploit you, or your company,” he says.

The latest IBM Xforce threat intelligence report highlights that breaches and security incidents were being announced so rapidly in 2014 that many companies struggled to keep up. “We have no choice but to acknowledge that these digital storms are likely to become larger, grow more encompassing and raise increasingly important personal privacy concerns,” says McKerr.

With some estimates indicating there were more than a billion leaked emails, credit card numbers, passwords and other types of personally identifiable information, it would seem that the chances of being affected by a security incident over the last year were quite high. And the impact of security incidents on our everyday lives has become increasingly more pervasive, with your everyday information being at risk anywhere from your local hardware store to ordering a pizza.

The impact of security incidents is not just limited to online interactions. In many countries, retail customers were subject to repeated thefts of credit card numbers across a variety of different restaurants, stores and e-commerce websites. From fast-food chains to clothing stores, the convenience of paying by credit card—and vulnerabilities in the systems that process those payments—put many people at risk.

“Human error is a major factor when securing the enterprise, and often employees have no idea what they should be protecting themselves from. Enabling systems of cybercrime education will go a long way to ensure future security for business,” says McKerr.


From an article in ITonline.com