November 10th, 2020 - Blog post
Top 5 Reasons why Data Breaches Happen
- Old, Unpatched Security Vulnerabilities
- Human Error
- Insider Misuse
- Physical Theft of a Data-Carrying Device
Top 1: Old, Unpatched Security Vulnerabilities
There are numerous exploits recorded in websites like Exploit Database or Rapid 7’s Vulnerability & Exploit Database. Any person with malicious intent could launch a reconnaissance attack, detect unpatched systems and exploit them by using the tools loaded in websites like the ones I linked above. That’s why it’s so important to keep any system updated.
Top 2: Human Error
Statistically, more than the half of security breaches happen due to natural human error. We are not perfect and every individual of our species is different from each other. Some of the common human mistakes include:
- Using weak passwords or reusing those leaked in other data breaches.
- Sending sensitive data to wrong recipients.
- Sharing account credentials; and
- Falling for phishing scams.
An efficient way of stopping people from comitting these mistakes is training them to understand how they happen and how to prevent them.
Top 3: Malware
Every day, more sophisticated malware is developed. According to the Verizon DBIR 2015, “5 malware events occur every second”, and that was 5 years ago from the creation of this post.
A lot of automated scripts enter the group of these events, however black hat hackers modify many of the already released malware. This makes them unrecognisable to antivirus programs while producing the original intended damage.
Top 4: Insider Misuse
This is a closely related to human error, but with more of an insidious nature. This relates to intentious and deliberate abuse from a person inside a company for personal profit. It so mischievous in nature it’s very hard to find an insider within a company. It may be a fellow colleague who has been approached by a malicious actor in exchange of a reward or a ransom or somebody specifically infiltrated for this purpose.
Top 5: Physical Theft of a Data-Carrying Device
The digital realm will never be safe if a malicious actor can access to the physical devices, either stealing or gaining physical access to them. Opportunistic in nature, these attacks make very difficult the task of foreseeing them. Regular physical penetration tests help educating security employers to reduce the physical vulnerabilities a company may have.
Anon., 2020. Whoa.com - “Data Breach 101: Top 5 Reasons it Happens” [Online]
Available at: [https://www.whoa.com/data-breach-101-top-5-reasons-it-happens/]
[Accessed 10 November 2020]