The top 3 IT security failures

IT security is currently a hot topic among organisations, with data breaches continuing to proliferate across the globe, causing significant financial and reputation damage.

In fact, 1.5 million cyber attacks were logged last year in the US alone by IBM. What's more, the research found companies experienced an average of 16,856 attacks per year. Many of these attacks are unsuccessful, but the statistic serves to paint a troubling view of cyber security.

As with any problem, the solution lies in understanding – and this is especially true in regards to IT security. When organisations are aware of the various threats, it becomes easier to manage risk.

Here are the top three IT security failures and the necessary approaches to cut down on the danger of breaches – regardless of the type or size of an organisation.

1) Misconfigured systems

It's common to believe most data breaches occur due to outside attackers, malicious groups specifically targeting a particular business.

These do make up a percentage of the reason for data breaches, but misconfigured systems and applications actually take the lead as the most common causes. In another IBM study based on 2013 attacks, 42 per cent of all breaches were due to this reason.

These breaches can occur in both small and large organisations, and require diligence to prevent them from happening.

Frequent spot checks of applications and systems are an excellent way to get started, with personnel investigating potential errors or weak points.

2) End user error

This next security failure is another that may not seem to be common, but it accounts for 31 per cent of breaches in the IBM study. These types of failure are those where an individual causes the breach, either with intent or inadvertently.

It's going to be difficult for a business to prevent purposeful data breaches from occurring, but there are ways to reduce the likelihood of an accidental breach.

For example, growing what's called a "culture of security" is one of the more effective measures. This involves training staff on the dangers of data breaches, and how these events can impact not just the company but also their individual productivity.

3) Targeted attacks

Finally, the cause that many may believe is the most common actually only causes 6 per cent of breaches. These are targeted attacks designed from the outset to either cause damage to the IT infrastructure of a business or obtain sensitive information.

Protecting against targeted attacks by an individual or group is difficult, and requires a combination of factors. One of these is a comprehensive security system that's constantly updated and upgraded.

Secondly, a strong security culture and awareness among staff. This is key, as outside attackers may seek to gain access to the organisation through targeted phishing emails designed to extract information or similar method.

Developing the right mindset

Security systems are a necessary step, but they're certainly not the only one. Organisations of all sizes need to know that data breaches can occur due to a number of reasons. The question is, what can these companies do?

A strong approach is the use of a framework such as SABSA, a methodology for developing security architectures within companies. Essentially, SABSA guides the development of risk and opportunity focused architectures at the enterprise and solutions level.

It can also prove useful for aligning and integrating security and risk management into IT architecture processes. By taking the time to collate these processes, organisations can effect more comprehensive security strategies.

To start taking advantage of SABSA, get in touch with the ALC Training team to find out where the necessary certifications can be delivered.