Most Data Breaches Due to Bugs and Negligence (and silly antennas, avoiding facial recognition)

In light of all the news, this seems like a good reminder: most data breaches are the result of people being dumb or systems not working as planned.

Symantec & Ponemon released another one of the security industry’s ubiquitous “reports,” in this case showing that 64% of data breaches worldwide are due to employee negligence and “computer glitches,” by which you should read programmers and systems designers failing to take something into account.

(Not that computers are more competent than people; they just tend to break in different ways.)

Hey radio geeks! The silliest-looking antenna ever, and it covers 26MHz-6GHz. It also looks kind of like a Strandbeest.

Avoiding facial recognition: You know countersurveillance (well, countersurveillance art) has gone mainstream when random girls are posting anti-CCTV-makeup how-to videos on the Internet. We need more of this kind of mainstream, I think. Too long has the security industry been dominated by pudgy 50-something men.

“While data breaches born of malicious attacks grab headlines, more data thefts are caused by employee negligence and computer glitches, according to a report this week by Symantec and the Ponemon Institute.

Almost two-thirds of data breaches in 2012 could be attributed to negligence or human error (35%) and system glitches (29%), reported the eighth annual Ponemon Global Cost of a Data Breach study.

However, malicious attacks remain the single highest cause of breaches, with 37% of the intrusion pie.

Those figures vary by nation, the report showed. For example, Germany had an almost even split between malicious attacks (48%) and negligence/glitches (52%). By comparison, more than three-quarters of the breaches (77%) in Brazil were blamed on human error-system failures.

“Data breaches normally aren’t about bad people,” Larry Ponemon, founder and chairman of the institute that bears his name, said in an interview. “It’s normally about good people making mistakes or business processes that fail.”

A common misconception by organizations is that security policies can eliminate human error, said Tony Busseri, CEO of Route1, a maker of security and identity solutions. “We have this expectation that because there’s a policy manual and core training, that people are going to execute perfectly,” he said in an interview. “They don’t.

“We so often focus on the North Koreans or the Chinese or the bad guys, when in reality we create the large majority of breaches ourselves.””
