The 6 most common ways data breaches occur

If your organisation is to successfully tackle cyber security risks, you need to know what to look out for.

That’s where Verizon’s 2020 Data Breach Investigations Report comes in. Its year-long investigation into the causes of data breach has revealed the 6 most common ways that organisations fall victim.

We took at look at each of those in this blog and see which one comes out on top.

6. Physical actions (4%)

We tend to think of data breaches as being a result of cyber crime, but Verizon found that a significant number of incidents don’t involve technology at all. 

Most physical incidents involve the theft of paperwork or devices such as laptops, phones and storage devices. Employees are increasingly encouraged to work from home or on the go, but if they don’t keep an eye on their assets, an opportunist crook could easily steal them. 

The other leading physical action is card skimming. This is where crooks insert a device into card readers and ATMs to harvest payment card information. 

5. Unauthorised use (8%)

Organisations consistently overlook the threat their employees pose, but Verizon found that more than one in twelve data breaches are caused by a member of staff using information improperly. 

There are two main ways this happens. The first is privilege abuse, in which employees misuse information they’ve been given legitimate access to.

This isn’t necessarily for malicious purposes. The employee might have stumbled on the information accidentally, which can happen if the organisation doesn’t set up appropriate access controls. 

Alternatively, the employee could have ignored access policies. This can happen when, for example, an employee alters a document without following the correct procedure. 

The second common type of privilege misuse is data mishandling. This occurs when sensitive information is copied, shared, accessed, stolen or otherwise used by an employee who isn’t authorised to do so. 

4. Malware (17%)

Cyber criminals can use malware for any number of purposes, but Verizon’s report highlights a handful of prominent types, including RAM scrapers, which scan the memory of digital devices to collect sensitive information. POS (point-of-sale) systems are particularly vulnerable to RAM scraping. 

The report also noted the prevalence of keyloggers, which capture the keys struck on a keyboard. They’re usually used to steal passwords and other sensitive information. 

3. Social engineering (22%) 

Verizon’s research found that almost a quarter of data breaches are caused by fraudsters simply acting as though they belong. 

You’re probably aware of phishing, in which cyber criminals send malicious emails that look legitimate, but Verizon also highlighted the threat of financial pretexting.  

Pretexting is similar to phishing in that crooks contact their targets under false pretences to gain their information (in this case, financial information specifically).

However, pretexters contact victims by phone as well as by email, and rather than duplicating a legitimate organisation’s website, they simply request that the target send them their financial details. 

Once they have that information, the crooks can commit fraud, sell the data or contact a third party (such the victim’s bank or a supplier that the victim’s employer works with) requesting information about their account history. 

2. Human error (22%) 

Breaches don’t have to be caused by someone acting maliciously. Verizon found that more than one in five incidents was the result of a mistake made by an employee. 

The most common errors involved sensitive information being sent to the wrong person. This might involve sending an email to the wrong person, attaching the wrong document or handing a physical file to someone who shouldn’t have access to the information. 

The next most common cause of human error was misconfiguration, which typically involves leaving a database containing sensitive information online without any password restrictions. 

1. Criminal hacking (45%)

It shouldn’t be a surprise that criminal hacking is the top cause of data breaches, because it’s often necessary to conduct specific attacks. Malware and SQL injection, for example, are usually only possible if a criminal hacks into an organisation’s system. 

What might come as a surprise is how many activities criminal hacking encompasses. It’s usually associated with computer coding, but Verizon found that the most common criminal hacking technique involved stolen credentials. 

This doesn’t require any technical knowledge. Crooks can purchase the credentials on the dark web, find them written down, crack them using a password-generating machine or guess them. 

Once a cyber criminal has a user’s login credentials, they can perform any number of nefarious activities, but it usually boils down to extracting information to commit fraud or sell on the dark web, or to launch further attacks, such as phishing scams.

Stay on top of your organisation’s threats