Humans Responsible for Most Data Breaches
Humans play the most significant role in data breaches and cybersecurity incidents, according to Verizon’s recent Data Breach Investigations Report (DBIR). Not only are they the perpetrators of breaches, they are also the targeted victims and first responders.
The DBIR also found that data breaches are becoming more complex and have started to infiltrate every department within an organization. These breaches are leaving long-term imprints on companies.
“Data breaches are growing in complexity and sophistication,” said Bryan Sartin, executive director, the RISK Team, Verizon Enterprise Solutions. “In working with victim organizations, we find that breaches touch every part of an organization up to and including its board of directors. Companies need to be prepared to handle data breaches before they actually happen in order to recover as quickly as possible. Otherwise, breaches can lead to enterprise-wide damage that can have devastating and long-lasting consequences such as a loss of customer confidence or a drop in stock price.”
To assist companies, the DBIR presents the 16 most common data breach scenarios. Ten of the cases represent more than 60% of the 1,400 cases investigated by Verizon. The other six are not as common, but they are still damaging to organizations.
The report grouped the 16 scenarios into four types of breaches:
- The human element, including “Partner misuse” and “Disgruntled employee”
- Conduit devices, including “Mobile assault” and “IoT calamity”
- Configuration exploitation, including “Cloud storming” and “DDoS attack”
- Malicious software, including “Crypto Malware” and “Unknown unknowns”
The report also outlines five actions organizations should undertake after a breach:
- Preserve evidence and consider the consequences of every action
- Be flexible and adapt to the situation
- Establish consistent communication methods
- Know limitations and collaborate with key stakeholders
- Document actions and findings and be ready to explain them
Verizon modified or excluded certain details, including changing names, locations, number of records stolen and money lost, in an attempt to preserve anonymity.