This ZDNET article, “Over 90 percent of data breaches in first half of 2014 were preventable”, had me intrigued, but it was their summary that really caught my attention. Since the latest explanation of how the North Koreans hacked Sony is that they stole a system administrator’s password, by some method that is not discussed but is vaguely confirmed by the NSA, we would have to conclude that the Sony breach was probably a staff mistake.
The Online Trust Alliance says that a high percentage of data breaches were the result of staff mistakes — rather than external hacking.
According to a recent Online Trust Alliance press release, about 47% of data breaches were the result of staff mistakes and 40% were the result of external intrusions. Here is what they said.
OTA also announced that it has analyzed over a thousand breaches involving the loss of personally identifiable information (PII) in 2014, as reported by the Open Security Foundation (OSF) and the Privacy Rights Clearinghouse. OTA found that only 40 percent were the result of external intrusions, while 29 percent were caused by employees—accidentally or maliciously—due to a lack of internal controls. The balance of incidents were primarily attributed to lost or stolen devices or documents (18 percent) and social engineering/fraud (11 percent).