Blog Home Blame the humans for security breaches

Posted by CRU

Blame the humans for security breaches

Human behavior poses the greatest threat to corporate security, according to almost all corporate information security practitioners queried in the third annual survey conducted by Nuix, a global information security and ediscovery company. While businesses have invested to develop broad and mature cybersecurity capabilities, many survey respondents reported they were uncertain about the most effective technologies and capabilities to focus on.

"Cybersecurity no longer has an air of mystery about it for executives and directors, but human behavior and technological uncertainty remain prominent barriers to corporate confidence," said Ari Kaplan, the report's author.

The research surveyed respondents' current and planned spending across all five categories in the U.S. Commerce Department’s National Institute of Standards and Technology (NIST) Cybersecurity Framework: identify, protect, detect, respond, and recover. Nearly four in five respondents (79 percent) said they had increased spending on data breach detection in the past year and 72 percent said they planned to do so next year. However, a majority of respondents (52 percent) said preventing data breaches was their top spending priority, while 42 percent said detection was their primary focus.

"We still see a lot of companies spending too much money and effort on breach prevention technologies that don't prevent data breaches and detection measures that don't detect them until months later," Dr. Jim Kent, Global Head of Security & Intelligence at Nuix said. "That means they have less to spend on incident response and recovery just when they need those things most. The answer must be more balanced spending across all the priorities but also more targeted spending on solutions that work."

DataPort 27CRU removable drives offer a simple data security solution that greatly reduces the likelihood of human security breaches. Removable drives – such as the pictured DataPort 27 – can be installed in laptops, desktops, all-in-ones, or workstations. Businesses can remove sensitive data from their computer with the push of a button or a turn of a key, and store the drives in a secure locaton. Additionally, CRU offers removables with military-grade encryption for the utmost in data security.

Security executives almost unanimously agreed that human behavior was their greatest vulnerability (97 percent of participants in this year's survey, up from 93 percent last year and 88 percent in 2014). To counter this threat, businesses are less likely to use fear to convey important security ideas—24 percent of this year's respondents tried to scare people, compared with 39 percent last year. Instead, security leaders are using policies, awareness, and training to help people become part of the solution.

"Where this breaks down is that a large proportion of people, even after they've had security awareness training, will still put their organizations at risk by opening malicious attachments and visiting suspect websites," Kent said. "While the policies and training are crucial, we need to get better at 'idiot-proofing' our technology so that even if people do the wrong thing, the malware doesn't run or doesn't achieve its goals.”

Easily secure and manage terabytes of data with CRU removable drives. Find a CRU removable that's the right fit for your computer, or buy a workstation with a factory-integrated CRU removable drive from our partners HP and Dell. Mitigate the human behavior risk with a removable that keeps your data locked up and safe.