What are the leading causes of data security breaches?
In a shift from 2014, when human error was the leading cause of data security breaches, 31% of data security incidents during 2015 were related to phishing, hacking or malware.
By Jayleen R. Heft |April 12, 2016 at 03:45 AM
Data breaches continue to make big news. One of the latest trends is an increase in ransomware attacks targeted at organizations and businesses like hospitals, police stations and universities.
Data security incidents don’t discriminate — they affect all industries. Every company should be constantly focused on preventing, detecting, and having the right capabilities in place to respond to data security incidents. Accepting that breaches are inevitable, doesn’t mean it’s not worth trying to stop them.
The 2nd annual BakerHostetler Data Security Incident Response Report analyzed data from more than 300 incidents on which the national law firm advised in 2015. The report looks at causes of incidents, industries most affected, and what happens after a security incident is detected — from containment, to notification, to regulatory investigations and even lawsuits.
The sectors most frequently affected by cyber security incidents in 2015 were healthcare, financial services, retail, and education.
Here are the top 6 causes of data security incidents in 2015:
1. Phishing, hacking or malware (31%)
In a shift from 2014, when human error was the leading cause data security breaches, 31% of data security incidents during 2015, were related to phishing, hacking or malware.
When the privacy and data protection team at BakerHostetler looked at the underlying issues that enabled many of the phishing, hacking and malware incidents to succeed in 2015, the breaches often could be attributed to human error in some way, so in a way, the numbers show that human error is a factor more than half of the time.
2. Employee action or mistake (24%)
3. External theft (17%)
4. Vendor (14%)
5. Internal theft (8%)
6. Lost or improper disposal of data (6%)
8 components of being compromise ready
1. Preventative and detective security capabilities.
2. Threat information gathering.
3. Personnel awareness and training.
4. Proactive security assessments focusing on identifying the location of critical assets and data and implementing reasonable safeguards and detection capabilities around them.
5. Assessing and overseeing vendors.
6. Developing, updating, and practicing incident response plans.
7. Understanding current and emerging regulatory hot buttons.
8. Evaluating cyber liability insurance.
3 ways companies can most improve
1. Detect incidents sooner.
2. Contain them faster after detection.
3. Keep good logs to facilitate a more precise determination of what occurred before the attack was stopped.
No one is completely safe
Most security firms will tell you that a capable attacker will eventually find a way in. Why? Most networks are built, maintained, and used by people, and those people are both fallible and subject to a range of constraints (e.g., budgets, production priorities).
Companies should assume that even if they install the most advanced technology solutions and receive certain security certifications, their security measures may fail and an unauthorized person may gain access to their environment.