Good old-fashioned finger-pointing
Written by Dan Blacharski on February 8, 2009

Woo-hoo! Bill Brenner at CSO Online wrote that those of us who blog about security are becoming “rock stars”. Fifteen minutes of fame, here I come.
But on to more important issues. Deloitte & Touche released their sixth annual study on the state of IT security, and the top news there isn’t surprising at all: human error accounted for over a third of all incidents with reported causes. Eighty-six percent of respondents said human error is their greatest weakness, with only 63 percent citing technology as a weakness.
That’s right, it’s not the security software, it’s not the security admins, it’s just end-user boobery. Or is it? If the end-users don’t know how to make a good password, or don’t know any better than to click on an attachment sent from a Nigerian barrister, then the boobery lies a little further up the line, and the buck stops at the security managers who didn’t take the time to send out the right lessons and educate their people. Assuming that all end-users know what security professionals take for granted is just bad business.
But the survey came to some worthwhile conclusions nonetheless, recognizing that “people are both an organization’s greatest asset as well as its weakest link.” The report also notes that vigilance is even more important because of the economy, and that increased stress can make people “behave in atypical ways.”
According to the survey, viruses, email attacks, and phishing or pharming attacks were cited as the most common culprits for external breaches. But there is good news too: email attacks were reported by 24 percent of respondents, down from 57 percent of respondents last year. So it would seem that, despite the claimed end-user ignorance, more people are getting their ducks in a row this year and awareness is rising.


