Hackers are not the only threat to your data.
When large data breach incidents appear in the news, most people assume that hackers, phishing attacks, and malicious insiders are to blame, but that isn’t always the case. According to Verizon’s 2020 Data Breach Investigations Report, user error is among the fastest-growing causes of privacy data breaches, accounting for roughly 22% of all incidents.
To examine what this means for businesses where GDPR applies, let’s review the top 5 causes of data breach incidents in 2019.
Phishing and Social Engineering Campaigns
The number 1 cause for data breach incidents in 2019 was phishing and social engineering campaigns. These attacks are delivered via email 97% of the time and are designed to convince their recipients to give away their security credentials.
While the click rates associated with these campaigns have been going down and reporting has risen across many industries, phishing campaigns are still the most common cause of data breach incidents.
While clicking on a phishing email is often also considered a human error, the ways that insiders are inadvertently causing breach incidents is growing. Lost hard drives, weak passwords, sending records to the wrong recipients, leaving databases and cloud services unsecured or incorrectly configured—all of these causes have created large data exposure incidents in 2019.
From the US Marine Corps sending an unencrypted email containing the personal information of over 21,000 marines to the wrong distribution list, to the Dutch government losing 2 hard drives that contained the personal information of 6.9 organ donors, human error placed above malware in Verizon’s list of threats.
The number 3 cause for data breach incidents in 2019 was malware. While many malware attacks in 2019 were still delivered via email, recent attacks have grown more sophisticated.
Malware has been identified in apps available for download in official app stores, often leveraging trending topics to catch the interest of a potential victim. During the Coronavirus quarantines, several contact trackers were proven to be malware. Additionally, malware has been detected in template forms for use in contacting government offices or claiming financial benefits or health records.
While the Verizon report concluded that insider abuse is less common that hacker attacks and human error, it is still a very real threat that needs to be addressed in any comprehensive data security strategy.
Insider abuse refers to a malicious actor (a disgruntled or financially motivated employee) that steals data from your system. While these attacks can be very difficult to detect (most are uncovered by forensic analysis after an employee has already departed) they may have devastating consequences.
These incidents often appear in the news when they involve government secrets, such as the ‘Vault 7’ theft of cyberweapons from the CIA.
While access restrictions can help protect against these incidents, they can never truly be prevented at 100%. Businesses need to share information to complete work, so there is always going to be a level of access available to employees who may want to steal it.
While it may be the least common cause of data breaches, the physical theft of devices still poses a significant threat. Employees lose their phones, laptops, and external drives, or store them in unlocked cars or houses where they can easily be stolen. Theft is most often a crime of opportunity, which makes it impossible to predict and prevent. Most incidents (55%) occur around the victim’s work area and also from their vehicles (22%)
Why It Matters
In areas where GDPR applies, businesses have to concern themselves with all of these scenarios as a matter of law.
No matter how extensive your security protocols are, data privacy incidents will occur. It’s only a question of when, so—for businesses working with sensitive information—the approach to data breaches should focus on how rapidly and accurately they can respond.
Under the GDPR framework, businesses have only 72 hours to report breach incidents, and many fail. They simply don’t have the right tools to manage incidents and quickly report them to the authorities.
DBMT was designed to make the crucial difference in the time required to manage, assess, and report data breaches. The time savings is our measurement of success. The time savings is what allows our clients to meet their reporting deadlines, thereby reducing the risk of huge fines and reputational damage.
Would you like to know more about DBMT? Please feel free to contact us with any questions you have about how we save our clients valuable time and enable them to meet the GDPR deadlines, even under the difficult circumstances created by a major data breach incident.