The first step towards cyber security is identifying how data breaches occur and the level of risk each one poses.
To help organisations do this, Verizon conducted a year-long investigation into the leading causes of data breaches, publishing its findings in its 2018 Data Breach Investigations Report.
In this blog, we break down those causes and explain in more detail how each one works.
6. Physical actions (11%)
We tend to think of data breaches as being a result of cyber crime, but Verizon found that more than one in ten incidents don’t involve technological exploits.
Most physical incidents involve the theft of paperwork or devices such as laptops, phones and storage devices. Employees are increasingly encouraged to work on the go, but if they don’t keep an eye on their assets, an opportunist crook could easily steal them.
The other leading physical action is card skimming. This is where crooks insert a device into card readers and ATMs to harvest payment card information.
5. Privilege misuse (12%)
Organisations consistently overlook the threat their employees pose, but Verizon found that more than one in eight data breaches are caused by a member of staff using information improperly.
There are two main ways this happens. The first is privilege abuse, in which employees misuse information they’ve been given legitimate access to. This isn’t necessarily for malicious purposes. The employee might have stumbled on the information accidentally, which can happen if the organisation doesn’t set up appropriate access controls.
Alternatively, the employee could have ignored access policies. This can happen when, for example, an employee alters a document without following the correct procedure.
The second common type of privilege misuse is data mishandling. This occurs when sensitive information is copied, shared, accessed, stolen or otherwise used by an employee who isn’t authorised to do so.
4. Social engineering (17%)
According to Verizon, almost one in five data breaches are caused by crooks simply acting as though they belong.
You’re probably aware of phishing, in which cyber criminals send malicious emails that look legitimate, but Verizon also highlighted the threat of financial pretexting.
Financial pretexting is similar to phishing in that crooks contact their targets under false pretences to gain their information (in this case, financial information specifically). However, pretexters contact victims by phone as well as by email, and rather than duplicating a legitimate organisation’s website, they simply request that the target send them their financial details.
Once they have that information, the crooks can commit fraud, sell the data or contact a third party (such as the victim’s bank or a supplier that the victim’s employer works with) requesting information about their account history.
3. Human error (17%)
Breaches don’t have to be caused by someone acting maliciously. Verizon found that almost one in five incidents was the result of a mistake made by an employee.
The most common errors involved sensitive information being sent to the wrong person. This might mean addressing an email to the wrong recipient, attaching the wrong document or handing a physical file to someone who shouldn’t have access to the information.
The next most common cause of human error was misconfiguration, which typically involves leaving a database containing sensitive information online without any password restrictions.
2. Malware (30%)
Cyber criminals can use malware for any number of purposes, but Verizon’s report highlights a handful of prominent types, including RAM scrapers, which scan the memory of digital devices to collect sensitive information. POS (point-of-sale) systems are particularly vulnerable to RAM scraping.
The report also noted the prevalence of keyloggers, which capture the keys struck on a keyboard. They’re usually used to steal passwords and other sensitive information.
However, ransomware is by far the most common type of malware. Verizon found that it was used in 39% of all malware-related cases that it investigated.
1. Criminal hacking (48%)
It shouldn’t be a surprise that criminal hacking is the top cause of data breaches, because it’s often a necessary step in conducting specific types of attack. Malware and SQL injection, for example, are usually only possible if a crook hacks into an organisation’s system.
What might come as a surprise is how many activities criminal hacking encompasses. It’s usually associated with computer coding, but Verizon found that the most common criminal hacking technique involved stolen credentials.
This doesn’t require any technical knowledge. Crooks can purchase the credentials on the dark web, find them written down, crack them using a password-generating machine or guess them.
Once a cyber criminal has a user’s login credentials, they can perform any number of nefarious activities, but it usually boils down to two choices: extract information or launch further attacks.