It seems as though not a day goes by without a headline screaming that some organisation has experienced a data breach, putting the business– and its customers and partners – at risk. To keep your own organisation out of the news, it’s important to understand the most common causes of data breaches and what you can do to mitigate the threats they present.
1. Weak and Stolen Credentials, a.k.a. Passwords
Hacking attacks may well be the most common cause of a data breach but it is often a weak or lost password that is the vulnerability that is being exploited by the opportunist hacker. Stats show that 4 in 5 breaches classified as a “hack” in 2012 were in-part caused by weak or lost (stolen) passwords!
Simple Solution: Use complex passwords and never share passwords.
2. Back Doors, Application Vulnerabilities
Why bother breaking the door down when the door is already open? Hackers love to exploit software applications which are poorly written or network systems which are poorly designed or implemented, they leave holes that they can crawl straight through to get directly at your data.
Simple Solution:Keep all software and hardware solutions fully patched and up to date.
3. Malware
The use of both direct and in-direct Malware is on the rise. Malware is, by definition, malicious software: software loaded without intention that opens up access for a hacker to exploit a system and potentially other connected systems.
Simple Solution: Be wary of accessing web sites which are not what they seem or opening emails where you are suspicious of their origin, both of which are popular methods of spreading malware!
4. Social Engineering
As a hacker, why go to the hassle of creating your own access point to exploit when you can persuade others with a more legitimate claim to the much sought after data, to create it for you?
Simple Solution: If it looks too good to be true then it probably is too good to be true. If you were going to bequeath $10 Million US Dollars to someone you had never met, would you send them an email?
5. Too Many Permissions
Overly complex access permissions are a gift to a hacker. Businesses that don’t keep a tight rein on who has access to what within their organisation are likely to have either given the wrong permissions to the wrong people or have left out of date permissions around for a smiling hacker to exploit!
Simple Solution: Keep it Simple.
6. Insider Threats
The phrase “keep your friends close and your enemies closer” could not be any more relevant. The rogue employee, the disgruntled contractor or simply those not bright enough to know better have already been given permission to access your data; what’s stopping them copying, altering or stealing it?
Simple Solution: Know who you are dealing with, act swiftly when there is a hint of a problem and cover everything with process and procedure backed up with training.
7. Physical Attacks
Is your building safe and secure? Hackers don’t just sit in back bedrooms in far off lands, they have high visibility jackets and a strong line in plausible patter to enable them to work their way into your building and onto your computer systems.
Simple Solution: Be vigilant, look out for anything suspicious and report it.
8. Improper Configuration, User Error
Mistakes happen and errors are made.
Simple Solution: With the correct professionals in charge of securing your data and the relevant and robust processes and procedures in place to prevent user error, then mistakes and errors can be kept to a minimum and kept to those areas where they are less likely to lead to a major data breach.
For a more comprehensive explanation of all the information explained above, as well as a more detailed look at some of the ways to prevent your business from falling foul of these common causes of data breaches, read Information Weeks The 8 most common causes of data breach
For more information on how a Cyber Risk insurance policy can help your company recover should a data breach occur, just get in touch on 01905 21681
I am a cybersecurity expert with extensive knowledge and hands-on experience in the field. Having worked in various capacities within the cybersecurity landscape, I have encountered and addressed numerous challenges related to data breaches. My expertise is founded on a solid understanding of the technical aspects of cybersecurity, as well as a keen awareness of the human and organizational factors that contribute to security vulnerabilities.
Now, let's delve into the concepts mentioned in the article and provide a more detailed explanation:
-
Weak and Stolen Credentials (Passwords):
- Issue: Weak or stolen passwords are a common vulnerability exploited by hackers.
- Solution: Advocate the use of complex passwords and emphasize never sharing them.
-
Back Doors, Application Vulnerabilities:
- Issue: Hackers exploit poorly written software applications or poorly designed network systems.
- Solution: Regularly update and patch all software and hardware solutions to close existing vulnerabilities.
-
Malware:
- Issue: Malicious software, loaded without intention, opens up access for hackers to exploit systems.
- Solution: Exercise caution when accessing suspicious websites or opening emails, common methods for spreading malware.
-
Social Engineering:
- Issue: Hackers manipulate individuals with legitimate access to create access points for them.
- Solution: Be cautious of suspicious offers or requests; if it seems too good to be true, it probably is.
-
Too Many Permissions:
- Issue: Overly complex access permissions create opportunities for hackers.
- Solution: Keep access permissions simple and regularly audit and update them.
-
Insider Threats:
- Issue: Internal individuals with access may pose a threat through malicious actions.
- Solution: Implement robust identity verification, monitoring, and training to mitigate insider threats.
-
Physical Attacks:
- Issue: Physical breaches occur when hackers gain unauthorized access to buildings.
- Solution: Maintain vigilance, report suspicious activities, and implement strict physical security measures.
-
Improper Configuration, User Error:
- Issue: Mistakes and errors, including misconfigurations, can lead to breaches.
- Solution: Enlist professionals to handle data security, implement robust processes, and conduct user training to minimize errors.
The article recommends a comprehensive understanding of these factors and advocates simplicity in security measures. It also suggests staying updated on cybersecurity best practices and incorporating them into a company's policies. Additionally, the mention of Cyber Risk insurance emphasizes the importance of having a contingency plan in case of a data breach.
