Security dependent on people skills, says CompTIA
Information security not just about technology, according to CompTIA executive vice president
To ensure a secure environment, enterprises should think more about improving people skills rather than focusing solely on improving their security technologies, according to Terry Erdle, executive vice president for certifications and learning at CompTIA.
Speaking to ITP.net, Erdle said that most security breaches are caused by human error, rather than cyber-criminals getting around the security technologies in place. He said that the lack of basic skills among employees when it comes to security was driving much of what cyber-criminals do.
"Fully 70% - I think in the last survey I saw - of significant security breaches were human-caused. They're just basic errors in applying process," he explained.
"Now, obviously that still leaves 25% or 30% of things that could be more technologically induced, but again, it's people not making the right choice to deploy firewalls, or multi-level authentication, or any of those kinds of things. And that stems from them not being very well trained or certified to do what they're doing."
Despite this, Erdle - on the back of a short visit to this region - said that he had seen encouraging signs from Middle Eastern enterprises that more was being done to skill up workforces. He said that enterprises were now looking for employees that were well-placed to cope with the explosion of IT.
"If you talk to the executives, especially in the Middle East, they understand that there is a tremendous need for people who are qualified to support this explosion of IT," he said.
Erdle added that CompTIA was hoping to address the skills gap when it comes to information security by launching what he called a security essentials course. While admitting it was not a formal certification, he said that it would go a long way in helping companies plug the gaps in their knowledge base.
"Everybody in an organisation should really have attained a level of mastery of security essentials," he said.