Poor training causes security holes

Poorly trained staff and human error are the main causes of network security breaches, according to a recent survey

Human error in the workplace still poses the single biggest threat to corporate networks, with a lack of training being blamed for problems businesses should have overcome long ago.

A survey commissioned by the Computing Technology Industry Association (CompTIA) revealed that 31 percent of companies have experienced between one and three "major security breaches" in the past six months -- characterised as a security breach which causes real and serious harm to a network.

Worryingly, 22 percent of respondents said none of their IT staff have received specific security training while more than two thirds of companies polled said only a quarter of their IT staff are trained on security issues.

Unsurprisingly therefore, almost all companies -- 96 percent -- said there is a need for more security training among IT staff.

Matthew Poyiadgi, CompTIA's regional director, UK and Scandinavia, said in a statement: "We think the results are pretty staggering. Where organisations have looked primarily to technology for network safety, human error looks to be a major, underlying factor in more than 63 percent of identified security breaches."

Because our findings also show that security related training and certification have been under-utilised, CompTIA believes that better training and certification of IT staff will make our networks safer."

In response to the findings, one security minded techie, Mike Lee, senior security specialist at BT Ignite, highlighted an 'after the horse has bolted' philosophy towards IT security in Europe.

Lee said: "IT security in Europe is only taken seriously if a company has recently suffered an attack, been asked to comply with an audit or legal instruction, or is about to implement a new e-commerce or Web-based service. This reactive attitude to security places companies at risk -- organisations need to place greater emphasis on prevention."

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.

For all job and work-related news, or to search for a job and get information on training, go to ZDNet Jobs.

Let the editors know what you think in the Mailroom.