Techworld recently published details on 29 of the worst security incidents to have affected UK residents in recent years. (The title actually says 31, but one incident appears to be duplicated and one really is not an incident.)
Looking at this, there are no Denial of Service incidents or ransomware attacks in this class. Almost half of all attacks can be attributed to straightforward hacking. The rest come down to sloppy or inadequate management and administration.
3 of the worst arose from poor configuration and system administration. A further 3 were caused by granting access to unauthorised users or leaving access open to them. 1 was caused by poor programming.
6 were due to poor practice and accidents: use of live data for testing, failure to wipe data media before disposing of equipment, lost data media, lost laptops and one case of wilfully selling on personal data without authorisation.
This leaves 3 cases of inside jobs by disgruntled employees.
This reinforces the old adage that engineering a security solution is not enough. Businesses need to build in security as part of their culture and work their processes as well.