McAfee this week published a report that turns familiar survey findings on their heads by reporting that most cybersecurity breaches are the result of lax IT processes rather than mistakes made by end users.
Surveying 700 cybersecurity professionals working in organisations with more 1,000 employees, the “Grand Theft Data II” report finds 52 per cent of respondents claim IT is at fault when a data leakage event occurs, versus 29 per cent who cite business operations.
Candace Worley, the chief technical strategist for McAfee, said that while the number of incidents in which IT teams are deemed at fault may seem high, it’s important to remember that IT teams also have the most opportunity to make a mistake by, for example, misconfiguring a server.
Overall, the survey finds 61 per cent of respondents claim their current employer has been impacted by a data breach. The survey also finds that on average survey respondents have dealt with six breaches over the course of their professional lives. That number, however, may be low depending on whether respondents viewed a data breach to be an event significant enough to be worth reporting, noted Worley. However, the survey also finds that nearly three-quarters of the breaches cybersecurity professionals have needed to address either required public disclosure or affected financial results.
The survey also finds the causes of most data breaches have not changed much in recent years. The top three methods employed by cybercriminals to exfiltrate data, according to the survey results, are database leaks, cloud applications and removable USB drives. In addition, 61 per cent of all incidents are discovered by the internal security team.
While the number security incidents are clearly up, Worley said it’s not clear whether there are truly more attacks being launched, cybercriminals are just becoming more successful or whether IT security teams have simply become better at discovering them. All three of those factors are likely at play, noted Worley.
BA, Marriott Face Massive Fines For Data Loss
If proof was needed that poor data protection is bad for the corporate wallet, two examples have demonstrated that substantial fines face those organisations that have lax data security.read more
Cumbria First Police Force To Utilise NMC Tools
Cumbria Constabulary has become the first police force to use the National Management Centre (NMC) for cybersecurity set up under the National Police Chiefs’ Council (NPCC).read more
Phishing Attacks Bypassing 2-Factor Authentication
Penetration testers and attackers have a new tool in their arsenal that can be used to automate phishing attacks in a way that defeats two-factor authentication (2FA) and is not easy to detect and block, reports CSO Magazine.read more
Third of Breaches Caused By Unpatched Vulnerabilities
IT security professionals have admitted that a third of cybersecurity breaches are the result of vulnerabilities that they should have patched.read more