A data breach can spell doom for many businesses. A cybersecurity breach can result in the loss of customer and business information, as well as internal business data like transaction history and inventory lists. This is something that businesses do not want to have to deal with.
The loss of customer trust can have a devastating effect on a business, not only in the immediate financial consequences of fraudulent orders and bank transfers but also in the long-term economic impact.
The first step to preventing data breaches is understanding the causes. What are the top causes of data breaches?
Here are some of the most common causes of cybersecurity breaches.
Cause #1: Unpatched Security Vulnerabilities
Data security professionals have been collecting information for years on exploits hackers have used to attack companies in many countries. So that these exploits can be identified for future reference, they are catalogued as hundreds of Common Vulnerabilities and Exposures (CVEs).
Many of these security flaws remain unfixed for a long time. According to Verizon’s 2015 Data Breach Investigations Report (PDF), “99.9%” of exploited vulnerabilities were compromised within a year following publication of the CVE.
These security holes are still open to hackers, so don’t leave them unfixed.
Cause #2: Human Error
Unfortunately, the greatest source of computer security breaches is not some forgotten security bug or unknown vulnerability, but human error.
Shrm.org cites statistics from CompTIA that show human error is responsible for 52 percent of security breaches. While the exact nature of an error can vary, some scenarios include:
- Use of weak passwords
- Not sending sensitive information to the right recipients
- Sharing password/account information
- Falling for phishing scams
It is possible to prevent many of these human errors by making sure that employees are familiar with basic data security procedures. According to the SHRM article, experts often recommend that employees receive more training in order to address the “human firewall” issue.
Cause #3: Malware
Malware isn’t just a problem for personal computers; it can also be a threat to your company’s systems. According to Verizon DBIR 2015, 5 malware events are reported every second.
Although many of these “malware incidents” are minor, they can still be alarming.
There is also a lot of variation among malware samples.
According to the Verizon DBIR, “We found that 70 to 90% of malware samples (depending upon the source and organization), are unique to one organization.”
Many malware programs are derived not from a single “family” but from a handful of families. Verizon estimates that 70% of malware activity came from “20 families.”
Why?
Cause #4: Insider Misuse
Although closely related to human error, insider misuse of company data is much more dangerous. Human error is an innocent mistake or accident. Insider misuse, however, is the intentional abuse of the company’s systems and data by authorized users, usually for personal gain.
According to Verizon’s DBIR report, “it’s all in the grabbing of some easy Benjamins by these mendacious malefactors with financial gain or convenience being the primary motivators (40%).”
It is more dangerous because the malicious actor could be someone your company has trusted. Even worse, Verizon’s report points out that “catching insider abuse is difficult… In many of the incidents reviewed, the insider abuse occurred during forensic examinations of user devices after individuals had left a company.”
Although it is almost impossible to prevent insider abuse, you can limit the damage by compartmentalizing information on your network and cloud. When access is restricted, it is more difficult for any one user to reach files or systems outside their own area. The trade-off is that it can also make it more difficult to share data.
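The effect of compartmentalizing can be measured before and after a change to access rules. The following is an added example, not part of the original article: it compares how much one user can read on a flat shared drive versus a compartmentalized one, and shows the sharing cost. All users, groups and file names are constructed.

```python
# Added example: all users, groups and files below are constructed.
MEMBERSHIPS = {                      # user -> groups
    "alice": {"finance"},
    "bob": {"sales"},
    "carol": {"finance", "sales"},   # belongs to two compartments
    "dave": {"it"},
}
ALL_STAFF = {"finance", "sales", "it"}

# One shared drive readable by everyone.
FLAT_ACL = {
    "payroll.xlsx": ALL_STAFF,
    "bank-transfers.db": ALL_STAFF,
    "customer-list.csv": ALL_STAFF,
    "inventory.db": ALL_STAFF,
}
# Same files, each readable only by the groups that need it.
COMPARTMENT_ACL = {
    "payroll.xlsx": {"finance"},
    "bank-transfers.db": {"finance"},
    "customer-list.csv": {"sales"},
    "inventory.db": {"sales", "it"},
}


def reachable(user, acl):
    """Files a single user can read: what one insider could take."""
    groups = MEMBERSHIPS.get(user, set())
    return {name for name, allowed in acl.items() if groups & allowed}


def exposure(acl):
    """Share of all files each user can read (0.0 to 1.0)."""
    return {u: len(reachable(u, acl)) / len(acl) for u in MEMBERSHIPS}


def review_candidates(acl, threshold=0.75):
    """Users whose reach is at or above the threshold."""
    return sorted(u for u, share in exposure(acl).items() if share >= threshold)


def cannot_share(sender, recipient, acl):
    """Files the sender can read but the recipient cannot: the sharing cost."""
    return reachable(sender, acl) - reachable(recipient, acl)


if __name__ == "__main__":
    for label, acl in (("flat", FLAT_ACL), ("compartmentalized", COMPARTMENT_ACL)):
        print(label, exposure(acl), "review:", review_candidates(acl))
    print("alice -> bob blocked:", sorted(cannot_share("alice", "bob", COMPARTMENT_ACL)))
```

In the compartmentalized layout only the user who sits in two groups still reaches every file, which is the account an access review should look at first.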
Cause #5: Physical theft of a data-carrying device
The physical theft of a device that holds sensitive company information is last on the list. These devices can be laptops, desktops, smartphones, tablets, hard drives and thumb drives.
Data on a stolen device can lead to a serious breach. How serious depends on the type of information on the device: if the device is not wiped, more sensitive information means a more serious data breach.
Verizon reports that “most thefts occurred within the victim’s work area (55% of incidents), but employee-owned vehicles (22% of incidents) are also common locations for thefts to occur.”
These thefts are often opportunistic and difficult to predict. It is important to limit the chances of data-storing devices being removed from the workplace.
There are many data breach threats, but these are the most serious.
Call SpartanTec, Inc. now if you need the help of experts in securing your network against online threats.
SpartanTec, Inc.
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com
Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence, Charleston