British Assessment Bureau BAB


Three Causes of Security Breaches

Recent survey says malicious activity is behind most

Published: Tuesday, August 30, 2016 - 16:12

Hundreds of security breaches happen every day, but in the end they fall into three main groups: malicious, intentional, or criminal; system glitches; and human error.

The IBM “2015 Cost of Security Breach Survey,” conducted by Ponemon Research, catalogs 49 percent of the breaches as malicious activity, 23 percent as system glitches, and the remaining 28 percent as human error.

Malicious, intentional, or criminal

Just like the old-fashioned theft of physical goods, these attacks are usually well planned, targeted, and for the most part have a negative impact on the business being targeted.

Common security breaches include phishing, scams, hacking, fraud, cybercrime, theft of intellectual property, and diversion of funds. Introducing viruses and system infections is common, too. As businesses work hard to prevent data theft by implementing more sophisticated systems, the perpetrators are working just as hard to always stay one step ahead.

E-commerce trading operations regularly undergo penetration testing and STAR (simulated targeted attack response) testing to make sure their sites are secure and can continue to trade safely.

Just because you are a small business doesn’t mean you aren’t a target. It might not even happen online—invoice fraud is an increasingly real threat.

System glitches

Why is it that your network and computer were fine when you turned them off last night, but first thing this morning they don’t work? These problems happen; they are illogical, and we usually don’t know or ever discover the reason why. Most of the time the problem is solved, and everyone gets back to work with a sigh of relief. Investigations should be commonplace but, sadly, they only happen once in a while. Where they do happen, it’s the diligent approach to understanding the why and what of the event that makes an organization’s systems much stronger.

When a product is badly made, how do you know whether a fault in the ingredients for your production recipe is a “system glitch” or intentional tampering by a disgruntled employee? The only way to find out and prevent it from happening again is to investigate, find, resolve, and monitor.

Human error

The wonderful thing about people is that they are predictably unpredictable. As a manager, though, this trait is a difficult one to manage because of the unpredictable nature of the risk and the scarcity of warning signs. The news is littered with stories of companies where employees have left laptops or paper files on trains, have lost company phones, shared passwords they shouldn’t have, and posted the wrong information at the wrong time on websites. In the United States there is a website dedicated to daily security breaches. It’s a great place to see the full extent of information security risks and a bookmarked site for many IT specialists.

Recent data breach news you may not have heard about…

• It’s been revealed that the police forces across the United Kingdom are involved in 10 data breaches a week, with Surrey Police the second worst.
• A recent report states more than 800 employees in the UK’s police forces accessed personal information for no policing purpose, and data were shared inappropriately or without authorization almost 900 times.
• A new report by a British House of Commons committee recommends that organizations get control of their supply chains, noting that a 2016 data-breach report found only a third of organizations had cybersecurity standards in place to address third-party vulnerabilities.
• 58 percent of UK companies have reported data breaches in the last two years.
• According to a report from Protenus and DataBreaches.net, there were 29 protected health information breaches in June, including a total of more than 11 million patient records.
• On average, data breaches cost UK firms £1.2 million.

First published on the BAB site.


About The Author

British Assessment Bureau BAB

The British Assessment Bureau (BAB), accredited and regulated by the UKAS, is a specialist in certification scheme management. From government agencies to small businesses, thousands of organizations trust in BAB’s systems and services to measure, test, and monitor the competence and performance of their people and processes. BAB is active in setting national standards and is an expert contributor to the British Standards QS/01 and AUS/01 committees, which represent the UK in quality management and audit standards issues as an International Organization for Standardization (ISO) member.