Human error remains the biggest moderate concern for IT administrators but is losing ground to malware, hacking, cloud computing, and social engineering on the security-threat leaderboard, recent figures from industry association CompTIA have revealed.
The CompTIA 11th Annual Information Security Trends report, collated from more than 500 end users with security responsibilities, found that while human error was the most frequently named moderate security exposure they face (55 per cent), it was rated as a serious concern by the smallest proportion of respondents (21 per cent).
Asked to specify what kind of human error was most problematic, those nominating it said end users were only slightly less likely to follow policies and procedures than IT staff (42 per cent versus 41 per cent).
A lack of security expertise with websites and applications was a source of human error in 39 per cent of cases, while lack of security expertise with IT infrastructure was named by 38 per cent of respondents.
Mobile security, in particular, was seeing a rise in common types of end-user breaches: mobile malware, for example, became far more common in 2013 (reported by 28 per cent of respondents) than in 2012 (19 per cent).
Employees were more likely to disable security features in 2013 (26 per cent of respondents) than in 2012 (19 per cent), while mobile phishing attacks were up from 2012 (20 per cent of respondents) to 2013 (24 per cent).
Perhaps the only bright spot was in violations of corporate data policies, which decreased from 25 per cent of respondents in 2012 to 23 per cent in 2013. This suggests education about the policies is improving and users are finally taking the guidance of security staff to heart.
Interestingly, despite the incidence of breaches, IT-security staff were generally positive about company workers' security mindset. Some 44 per cent were rated as 'advanced' – in that they understand policies and try to stay compliant – while 48 per cent were rated as 'basic', in that they were unfamiliar with some details but generally aware.
Just 8 per cent of workers, respondents said, saw security as a low priority and were more focused on their work tasks than the security of their information.
Despite the moderately positive assessment of workers' security awareness, respondents to the CompTIA survey were well aware of the disruptive forces of social networking: 52 per cent of respondents said social networking was affecting security overall, putting it slightly ahead of cloud computing (51 per cent), availability of easy-to-use hacking tools (49 per cent), and interconnectivity of devices and systems (48 per cent).