How Data Breaches Happen

Data breaches can be intentional, malicious, or accidental. Regardless of the cause, a data breach exposes critical information which can cost your business an arm and a leg.

According to a recent report IBM and the Ponemon Institute, the average cost of a data breach in 2020 is $3.86 million. Beyond the financial impact, a damaged reputation can cripple your business operations.

But how does a data breach occur? Here are some of the most common ways:

1.     Criminal hacking

Criminal hacking is the leading cause of data breaches, accounting for 45% of them. Hackers rely on stolen information and credentials, password generating software, and computer coding to infiltrate secure systems.

Most criminal hackers will commit fraud using these credentials. Alternatively, they might extract sensitive information to sell on the dark web. Sometimes, the credentials these hackers obtain help them launch further attacks on a business.

2.     Human error

Human error causes 22% of the total data breaches. Mistakes by your employees could compromise the safety of the organization’s data. Some of these mistakes include:

  • Sending sensitive data to the wrong person
  • Giving physical files to unauthorized personnel
  • Misconfiguration (leaving a database of sensitive information without password protection)
  • Using weak passwords
  • Sharing passwords or sensitive information
  • Being victims of phishing scams

3.     Social engineering

Social engineering is growing as a means for cybercriminals to execute cyberattacks on businesses and individuals.

Phishing scams are the most common form of social engineering. In a phishing attack, the cybercriminal will use deceptive emails, websites, and text messages to steal sensitive data.

For example, a phishing scheme will imitate a website and mislead visitors into leaving sensitive financial or personal information on these sites.

Another social engineering scam cybercriminals use is spear phishing.  In spear phishing, criminals use emails to execute targeted attacks on businesses and individuals.

Social engineering taps on human emotions of curiosity, greed, fear, and urgency to trick victims into divulging critical information.

Criminals will use this information to commit fraud or sell the data.

4.     Malware

17% of data breaches occur due to malware such as RAM scrapers and keyloggers.  This malware helps hackers steal passwords, credit card information, and other sensitive data.

Criminals can also use malicious software to infiltrate a system with known vulnerabilities. For instance, they will exploit known vulnerabilities in software which is not up-to-date.

Once they gain access to your data, hackers can launch an attack, delete your data, steal sensitive information, or lock you out of your system and demand payment.

5.     Unauthorized use

Employees pose a significant risk of originating data breaches. Malicious employees can abuse their privilege to access of sensitive information, misusing it for their benefit.

Unauthorized employees can ignore access policies of the organization, and misuse information. Though the initial access could be accidental or intentional, the harm done is similar, particularly if they sell this information on the dark web.

6.     Physical actions

About 4% of data breaches do not involve criminals bypassing technological security measures but theft of paperwork or devices containing sensitive information. According to the FBI, 98% of these devices are never recovered.

When these devices contain sensitive information, then the data breach could be severe for your business.

Final word

Data breaches happen in various ways.  These include hacking, malware, theft of devices or paperwork, human error, and security vulnerabilities in your applications. These breaches can damage the reputation of your organization.  They can also expose your customers to loss and fraud. Educate your employees and implement policies to prevent and detect data breaches.

Related Article

The Role of Technology in Sanctions Compliance

Sanctions compliance is a complex and challenging task for many organizations, especially those that operate across multiple jurisdictions and sectors. Sanctions regimes are constantly evolving,

Ronald K. Noble is the founder of RKN Global and currently serves as one of its principal consultants.