Monday, 8 December 2014

It's your fault for the huge rise in data breaches



New information obtained via a freedom of information request in the UK shows a worrying increase in the number of data breaches caused by human error.


The figures were brought to light by an FOI request made to the Information Commissioner’s Office by Egress Software Technologies, an encryption provider.


Egress found that during the first quarter of 2014, 25 percent of reported data breaches were down to the accidental loss or destruction of personal data -- which is up 15 percent on the second half of 2013. A large percentage of these incidents, 43 percent to be precise, were cases of sensitive info being accidentally emailed, faxed or posted to the wrong person.


In actual fact, only 7 percent of breaches happened due to technical failures, with 93 percent occurring as a result of human error, lack of care when dealing with data, or poor processes which organizations have in place.


Indeed, Egress notes that when it comes to penalties levied by the ICO for data slips, no fines have actually been imposed concerning breaches caused by technical failures, whereas £5.1 million has been extracted from various organizations for mistakes made when handling sensitive data.


For emailing sensitive details to the wrong recipient alone, £600,000 worth of penalties were imposed.


CEO of Egress, Tony Pepper, commented: "What these statistics demonstrate is that training alone is not the answer. Organizations have put huge emphasis on process driven training, but the fact that 93 percent of all incidents between January and March 2014 were caused by human error or failure to carry out effective process demonstrates that a change in approach is needed".


"Organizations need to make data protection a priority. Where possible, fax and post must be replaced by secure electronic communication that is procured in its own right. Solutions that are easy to use yet offer comprehensive protection and control have been developed to mitigate the risk of a data breach, so it is mystifying why organizations are not implementing them to reduce their liability".


Comparing reported breaches between April and June 2013 with the same period this year, healthcare organizations topped the list of offenders, with 91 breaches doubling to 183 in 2014. The insurance sector saw an increase of 200 percent, and education was up 56 percent, among other large increases.


To date, since 2010, the ICO has issued penalties which total over £6.7 million, with public sector organizations being hit by £4.5 million of that sum.


Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.





