5 common ways data breaches occur

If your organisation is to prevent data breaches, you need to know which cyber security risks to look out for.

That’s where Verizon’s 2021 Data Breach Investigations Report comes in. Its year-long examination of the causes of information security incidents reveals the five most common ways that organisations fall victim.

We look at each of those causes in this blog, and provide tips on the steps you can take to protect your sensitive data.

5. Privilege abuse (4%)

Organisations consistently overlook the threat employees pose, but Verizon found that data breaches are often caused by a member of staff using information improperly.

Privilege abuse describes employees who misuse information they have legitimate access to. Typically this means that they are copying, sharing or accessing information without the proper authorisation.

Employees can abuse their privileges for any number of reasons, but it usually boils down to greed. They sell the stolen information on the dark web or use it to commit fraud.

4. Miscellaneous errors (17%)

As with privilege abuse, miscellaneous errors are a threat that comes from inside an organisation. But in this case, employees are acting negligently rather than maliciously.

The most common errors involve misconfiguring databases and sending emails to the wrong person.

These are not new problems. Verizon notes that it has observed the same mistakes year after year but that organisations fail to take adequate precautions. “What can we really say about this pattern? Humans make mistakes, often at scale,” the report says.

3. System intrusion (18%)

It shouldn’t be a surprise to learn that system intrusion – what is commonly known as ‘criminal hacking’ – is the third most common cause of data breaches. Breaking into an organisation’s systems is often the first step in a more sophisticated attack, such as a malware infection.

What might be a surprise, however, is how many activities system intrusion encompasses. It’s usually associated with exploiting software vulnerabilities, but Verizon found that the most common hacking technique involved the use of stolen credentials.

This doesn’t require any technical knowledge. Crooks can buy credentials leaked in earlier breaches on the dark web, recover them from leaked password hashes with automated cracking tools, or simply guess weak and reused passwords.

Once a criminal hacker has a user’s login credentials, they can perform any number of nefarious activities, but it usually boils down to extracting information to commit fraud.
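The stolen- or guessed-credential route described above leaves a recognisable trace in authentication logs: one source address failing against many different accounts in a short time, followed by the occasional success. The script below is an added example, not code from this blog or from Verizon. It runs that check over a handful of constructed log lines; the line format, the ten-minute window and the five-account threshold are assumptions, and it reports any successful login from an address already seen spraying.

```python
"""Flag credential-stuffing / password-spraying activity in authentication logs.

Added example. The log format is an assumption:
    <ISO-8601 timestamp> <OK|FAIL> user=<account> ip=<source address>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): one address cycles through
# six accounts in a few seconds and eventually gets in as "grace"; the
# other two addresses are ordinary users mistyping and then succeeding.
SAMPLE_LOG = """\
2021-05-10T09:00:01 FAIL user=alice ip=203.0.113.7
2021-05-10T09:00:02 FAIL user=bob ip=203.0.113.7
2021-05-10T09:00:03 FAIL user=carol ip=203.0.113.7
2021-05-10T09:00:04 FAIL user=dave ip=203.0.113.7
2021-05-10T09:00:05 FAIL user=erin ip=203.0.113.7
2021-05-10T09:00:06 FAIL user=frank ip=203.0.113.7
2021-05-10T09:00:07 OK user=grace ip=203.0.113.7
2021-05-10T09:05:00 FAIL user=alice ip=198.51.100.4
2021-05-10T09:05:30 OK user=alice ip=198.51.100.4
2021-05-10T09:10:00 OK user=bob ip=192.0.2.10
"""

WINDOW = timedelta(minutes=10)  # assumed sliding window
DISTINCT_USERS = 5              # assumed threshold: distinct accounts failed from one address


def parse_line(line):
    """Split one log line into a dict; raises ValueError on a malformed line."""
    ts, result, user_field, ip_field = line.split()
    if result not in ("OK", "FAIL"):
        raise ValueError(f"unexpected result field: {result}")
    return {
        "ts": datetime.fromisoformat(ts),
        "result": result,
        "user": user_field.split("=", 1)[1],
        "ip": ip_field.split("=", 1)[1],
    }


def parse_log(text):
    """Parse every non-blank line of a log excerpt."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_spraying(events, window=WINDOW, threshold=DISTINCT_USERS):
    """Return {ip: sorted accounts tried} for every source address that failed
    against at least `threshold` distinct accounts inside one `window`."""
    failures = defaultdict(list)
    for event in sorted(events, key=lambda e: e["ts"]):
        if event["result"] == "FAIL":
            failures[event["ip"]].append(event)

    flagged = {}
    for ip, fails in failures.items():
        start = 0
        for end in range(len(fails)):
            # Advance the window start so fails[start:end+1] spans at most `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            users_in_window = {f["user"] for f in fails[start:end + 1]}
            if len(users_in_window) >= threshold:
                flagged[ip] = sorted({f["user"] for f in fails})
                break
    return flagged


def successes_from_flagged(events, flagged):
    """Successful logins from a spraying address: a guessed or stolen credential worked."""
    return [(e["user"], e["ip"]) for e in events
            if e["result"] == "OK" and e["ip"] in flagged]


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    sprayers = find_spraying(events)
    for ip, users in sprayers.items():
        print(f"spraying from {ip}: {len(users)} accounts tried ({', '.join(users)})")
    for user, ip in successes_from_flagged(events, sprayers):
        print(f"ALERT: successful login for {user} from flagged address {ip}")
```

Tune the window and threshold to your own login volume. A real feed would also be checked per account, since stuffing from a botnet spreads one account's attempts across many source addresses, and a successful login from a flagged address should trigger a password reset and a check that multi-factor authentication was actually enforced.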

2. Basic web application attacks (26%)

This describes a type of cyber attack in which a criminal hacker compromises an organisation’s web application in a small number of steps, with a direct objective rather than a prolonged campaign.

Verizon notes that more than one in four breaches occur this way, with criminal hackers almost always targeting an organisation’s servers. The attacks are usually performed to gain access to email or to the data held by the web application.

Crooks might also repurpose the web app for malware distribution, website defacement or to prepare a DDoS (distributed denial-of-service) attack.

1. Social engineering (33%) 

Verizon found that a third of data breaches are caused by social engineering, which describes the process of manipulating someone into performing a certain action.

In a cyber security context, this usually refers to bogus emails or social media posts claiming to be from a legitimate organisation.

2021’s figures represent an 11-percentage-point increase on the previous year, which demonstrates the success that attackers are having with social engineering. But how are they managing to fool us?

We’ve already touched upon phishing, which is a form of email scam, but Verizon also highlights the threat of financial pretexting.

Pretexting is similar to phishing in that fraudsters contact targets under false pretences to gain their information (in this case, financial information specifically).

However, pretexters contact victims by phone as well as by email, and rather than duplicating a legitimate organisation’s website, they simply request that the target send them their financial details.

Once they have that information, the crooks can commit fraud, sell the data or contact a third party (such as the victim’s bank, or a supplier that the victim’s employer works with) requesting information about their account history.
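The bogus emails described in this section rarely come from the impersonated organisation’s real domain. They either put the organisation’s name in the display name while sending from an unrelated address, use a lookalike domain (digits for letters, a missing letter, or the real name as a subdomain of the attacker’s domain), or send from the real domain but with a Reply-To that diverts replies to the attacker. The checker below is an added example, not code from this blog or from Verizon; the trusted domain list, the confusable-character table and the sample headers are all constructed for illustration.

```python
"""Classify the From: header of an email as trusted, a lookalike of a trusted
domain, display-name impersonation, a Reply-To mismatch, or unknown.

Added example. TRUSTED_DOMAINS, CONFUSABLES and SAMPLE_HEADERS are constructed.
"""
from email.utils import parseaddr

# Assumed list of domains the organisation legitimately receives mail from.
TRUSTED_DOMAINS = ("example-bank.com", "acme-corp.example")

# Digit-for-letter substitutions commonly seen in lookalike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})

# Constructed sample (From header, Reply-To header or None).
SAMPLE_HEADERS = [
    ('"Example Bank" <alerts@example-bank.com>', None),
    ('"Example Bank" <alerts@mail.example-bank.com>', None),
    ('"Example Bank" <alerts@example-bank.com>', "reply@collect-mail.net"),
    ('"Example Bank Security" <alerts@examp1e-bank.com>', None),
    ('"Example Bank" <support@example-bank.com.evil.net>', None),
    ('"Example Bank Security" <alerts@mailer-x.net>', None),
    ('"Conference Team" <news@events.example.org>', None),
]


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _domain(address):
    """Lower-cased domain part of an address, without a trailing dot."""
    return address.rpartition("@")[2].lower().rstrip(".")


def is_trusted(domain):
    """Exact trusted domain or a subdomain of one (mail.example-bank.com)."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def classify_sender(from_header, reply_to=None):
    """Return (verdict, detail) for a From: header and optional Reply-To: header."""
    display_name, address = parseaddr(from_header)
    domain = _domain(address)

    # 1. Genuine sending domain, but check where replies would actually go.
    if is_trusted(domain):
        if reply_to is not None:
            reply_domain = _domain(parseaddr(reply_to)[1])
            if not is_trusted(reply_domain):
                return ("reply-to-mismatch", reply_domain)
        return ("trusted", domain)

    # 2. Lookalike domain: after folding digit substitutions, does any label
    #    contain (or sit one edit away from) a trusted organisation's name?
    #    Catches examp1e-bank.com, example-bank.com.evil.net and exampe-bank.com.
    labels = domain.translate(CONFUSABLES).split(".")
    for trusted in TRUSTED_DOMAINS:
        org = trusted.split(".")[0]
        if any(org in label or edit_distance(org, label) <= 1 for label in labels):
            return ("lookalike", trusted)

    # 3. Display-name impersonation: the organisation's name in the friendly
    #    name, but sent from an unrelated domain.
    folded_name = display_name.lower().replace("-", " ")
    for trusted in TRUSTED_DOMAINS:
        org = trusted.split(".")[0].replace("-", " ")
        if org and org in folded_name:
            return ("display-name-impersonation", trusted)

    return ("unknown", domain)


def scan(headers):
    """Classify a list of (From, Reply-To) pairs."""
    return [classify_sender(frm, reply) for frm, reply in headers]


if __name__ == "__main__":
    for (frm, reply), (verdict, detail) in zip(SAMPLE_HEADERS, scan(SAMPLE_HEADERS)):
        print(f"{verdict:28} {detail:22} {frm}")
```

A check like this belongs at the mail gateway, not in the user's hands, and it is a heuristic: a Levenshtein distance of 1 misses swapped letters and the substring test needs a curated trusted list to avoid flagging legitimate partners. It complements, rather than replaces, SPF, DKIM and DMARC checks on the sending domain.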

How can you protect your organisation?

Bolster your organisation’s cyber defences by enrolling your employees on our Information Security and Cyber Security Staff Awareness E-Learning Course.

This government-certified training course helps employees understand information and compliance risks, and the mistakes they might make that expose an organisation.

The e-learning course familiarises learners with the basics of information security, including threats that arrive by email, via the Internet and in the workplace, and introduces them to your policies on incident reporting and response.

A version of this blog was originally published on 12 March 2019.
