Employees not to blame for IT data breaches, research says
Security breaches that can be traced back to the actions of a single individual are not the fault of a "stupid" user, but a failure of the organisation to properly educate the entire workforce about
the importance of proper IT security practice.
That was the conclusion of Debi Ashenden, a research fellow at the Defence College of Management and Technology at Cranfield University.
Speaking at the Cyber Warfare 2008 London event, she said that most companies overlook employee behaviour when considering the security of their IT systems, according to technology website ZDNet.co.uk.
"Lots of organisations claim to have a culture of information security but in most cases I would say that this is not true and unfounded," the website reports her as saying.
"We need to get end users on side. We can't ignore them anymore. We need to move away from command and control and interact with them."
A survey from PriceWaterhouseCoopers released this week backs up the academic's assertions.
While the report showed that the number of companies with an information security policy has quadrupled in the last eight years, it also revealed that the number of companies restricting internet access to
personnel has fallen to 24 per cent, from 42 per cent last year.
© Adfero Ltd