The Top 4 Human Causes of Data Breach (and How to Stop Them)
Arcserve
July 01, 2019
The hackers of today are bold and sophisticated, and they’re looking for the next big score. According to a recent study by Ponemon Institute, the probability that a company will experience a data breach increases year over year, and the average cost of a data breach incident is a whopping $3.86 million. Interestingly enough, sensitive data isn’t always exposed through complex cyber assaults. Large-scale attacks might get the most news coverage, but many data breaches occur because of simple human mistakes. So as you think through ways to beef up your security, don’t forget to account for these four human causes of data breach.
Phishing – We all remember the 2014 breach of Sony Pictures Entertainment, which exposed everything from emails to entire unreleased films. The hackers likely gained access to Sony’s systems using a phishing attack made up of fake Apple ID verification emails. After gaining the Apple IDs of top executives, the hackers referenced LinkedIn profiles to guess network user names, then assumed correctly that some executives would use the same password for their Apple ID and their network login. Sony reportedly spent $35 million repairing the damage from the breach.
There are two key learnings from these stories. The first is that social engineering can be a powerful way for attackers to extract data. IT pros need to help users understand how to recognize attacks like these, as well as implement relevant policies. The second is that users should always create different passwords for their accounts. While this should be an obvious precaution by now, a poll taken in May revealed that 59 percent of people use the same password everywhere. Be sure users know the risk they’re taking when they don’t diversify their passwords.
Email Message Mistakes
Because many email clients autofill a recipient address as you type, users can accidentally send a document to the wrong person. But that’s just one way it can happen. A year ago, the Gloucestershire Police were fined £80,000 (about $92,000) for accidentally revealing the identities of abuse victims in a bulk email. According to the ICO (an independent UK organization focused on information rights), a police officer was sending an update about an abuse case to recipients ranging from the victims themselves to lawyers and journalists. Instead of using the blind carbon copy (BCC) function, he sent the message directly to all the recipients, thereby exposing the names and email addresses of 56 people. IT pros can help users avoid issues like these by setting clear policies on how data is accessed and shared, and by making sure users understand how to use their systems.
Those Pesky Cyber Fakers
Cybercriminals can access troves of sensitive information if they can convince an employee to give them credentials using attacks like the following:
Social Engineering – In 2015, health insurance company Anthem revealed that attackers had obtained protected healthcare information including social security numbers, names, addresses, and more. The attackers used social engineering techniques to steal administrator credentials. Nearly 80 million customer records were exposed and costs were estimated at over $31 billion.