Data breaches are now very common. We have gotten used to seeing news every day of sensitive data being exposed to unauthorized parties, but do you know why do data breaches happen in the first place?
What is a data breach?
A data breach is a security incident where sensitive information is copied, transmitted, viewed, stolen, or accessed by an unauthorized individual.
Data breaches can involve financial information like credit card numbers or bank account details, protected health information (PHI), personally identifiable information (PII), trade secrets, or intellectual property. Data breaches can also occur when data leaks and cloud leaks are discovered and exploited by cyber-criminals.
Why do data breaches happen?
Common reasons for a data breach are:
Weak Passwords
Insecure or weak passwords are the easiest way a hacker can gain unauthorized access to a protected network. In a report published by Verizon, brute force attacks are listed as one of the top 5 causes of data breaches.
User error
Employees don’t have to act maliciously to commit a data breach. They might simply make a mistake, such as including the wrong person in the Cc field of an email, attaching the wrong document or losing a laptop.
Social engineering
Social engineering is the use of psychological manipulation in order to garnish sensitive credentials from victims. Phishing is the most common type of social engineering attack, occurring either verbally or electronically.
Unfixed vulnerabilities
Leaving security vulnerabilities unfixed gives hackers a free pass to your company’s most sensitive information. Have a vulnerability assessment and patch management program in place.
Malware
It’s incredibly simple for an attacker to get their hands on a piece of malware. Some malware will track your typing to skim passwords and sensitive details, others will lock down systems and demand ransoms to unlock them.
Supply chain attacks
Attackers can go to smaller companies that are business partners to target and obtain a larger company’s sensitive data. Smaller companies can have fewer levels of security and are easier to infiltrate. This also happens when partners don’t maintain the same level of security and don’t enforce policies with third-party suppliers.
Malicious Insiders
Many of your employees will have access to sensitive information, and there’s always a chance that someone will try to misuse it. Employees are also susceptible to using sensitive information maliciously if they are disgruntled at work or have left the organization under poor terms and still have access to its systems.
Read more on the types of insider threats and how to protect your company from an insider attack.
Physical theft
Physical theft or loss of the device is one of the second most common types of data breaches. This form of a data breach can be categorized into two segments – intentional and malicious. Every day, there are countless cases of the sheer negligence of employees in unintentionally sharing passwords, and losing their laptops, storage devices, papers, or phones in trains/buses/cafes.
Improper document disposal or destruction
Give extra care to documents and other physical mediums (CDs, USBs) when you dispose of them.
Especially for those containing PII.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.
