25% of Data Breaches Are Caused by Human Error

Posted on Oct 2nd, 2018




In an increasingly digital world, you are becoming more and more susceptible to data breaches. Most of the time, you can prevent these threats by implementing advanced security programs. But despite such robust solutions, you can still be vulnerable to data leaks. If you don’t educate your employees on cybersecurity, they may be your weakest link.

It’s the lack of basic company policies and procedures that often leads employees to unwittingly cause security incidents through negligent actions. According to the 2018 Cost of Data Breach, a study conducted by Ponemon Institute, 25% of data breaches in the U.S. are triggered by human error, including one’s failure to properly delete data from devices.

Other preventable errors that caused data leaks were clicking on malicious links that were part of phishing attacks and misconfiguring servers and network devices.

Misconfigured Servers

The report suggests that 70% of data loss happened because of misconfigured cloud storage servers, databases, and networks. More cybercriminals are aware of the existence of such misconfigured cloud servers, and they will continue to target companies this way if no one does anything about it. The number of breaches due to such lapses increased by 424% from the previous year’s record.

Data leaks caused by negligence now happen half as frequently as security attacks, the report shows. Costs of data breaches vary depending on their cause. Breaches caused by negligence cost U.S. companies $128 per compromised record. The cost also varies by industry. For example, data leaks in the financial industry cost institutions two times more than in the healthcare sector.

Phishing Attacks

One-third of the data leaks were due to phishing attacks. The report is consistent with the findings of another study that was published recently. In Baker Hostetler’s 2018 Data Security Incident Response Report, they found that phishing attacks continue to place sensitive information at risk. More importantly, the success of these threats was primarily caused by a few common mistakes that employees and vendors made.

Even large organizations armed with highly-advanced solutions often fall victim to phishing scams. Snapchat is one of them. As you probably already know, employees of the social media platform received bogus emails from a person impersonating the company CEO. In the email, the hacker asked for payroll information. Unfortunately, one HR employee disclosed the information.

According to Baker Hostetler, both highly-skilled and unsophisticated hackers use phishing as a tool to obtain direct network access. They may use it to trick employees into wiring money to their accounts. They also use it to deploy malware and ransomware. For victims of such security threats, the consequences can be costly. Plus, the incidents are often difficult to investigate.

So, what can organizations do to prevent such incidents from happening?

Preventing Data Breaches

Companies need to adopt sophisticated and comprehensive IT security programs. These must cover a range of solutions that can help prevent and detect possible attacks. You can even opt to use physical security keys to protect employees and the company from hackers. If you haven’t heard, Google hasn’t had a confirmed instance of an account takeover since their staff started using security keys.

However, having robust software or hardware solutions is never enough. If employees continue to be unaware of the risks and consequences of cyber-attacks, the organization will remain susceptible to such threats. Thus, it’s vital that you take a proactive approach to educating your employees about cybersecurity.

Training can help your staff understand the impact of cyber incidents. You can explain the consequences of their actions on the financial health of your business and customer trust. You can, for example, go over certain scenarios of what may happen if they opened important work documents using public Wi-Fi networks or personal emails on their work computer.

By teaching your people how to recognize and respond to cyber threats, you will be able to prevent malicious attacks that your security systems can’t detect, such as a seemingly innocent email or a work-related phone call.

More importantly, you need to let your staff understand that cybersecurity is everyone’s responsibility. In doing so, you can ensure that your employees won’t be your weakest link but your strongest line of defense.

Recycling your IT hardware is an important step in preventing data breaches. To learn more about how Securis can help protect your data, please contact us today.