Which Of The Following Is The Leading Cause Of Data Breaches?

For many businesses, a data breach can be a disaster. The compromising of secure customer information and internal business data such as inventory lists, transaction history, and other privileged data is an event that no business organisation wants to experience.

Across the immediate financial impact of fraudulent order placements and bank transfers, the loss of customer religion can cripple a business' operations.

Knowing what causes a information breach is the showtime step in preventing one. With this in listen, what are the peak reasons why information breaches happen?

Here's a short list of major causes for data breaches:

Crusade #ane: Old, Unpatched Security Vulnerabilities

For years, data security specialists accept been compiling data on the exploitations that hackers have successfully used on companies in dozens of countries. These exploits are sorted into hundreds of Mutual Vulnerabilities and Exposures (CVEs) to identify them for future reference.

However, many of these security vulnerabilities go unfixed for long periods of time. For case, according to Verizon'due south2015 Data Breach Investigations Report, "99.9% of the exploited vulnerabilities had been compromised more than than a year after the associated CVE was published."

Leaving these old security vulnerabilities unfixed gives hackers a complimentary pass to your visitor's near sensitive information.

Cause #ii: Human Error

Unfortunately, one of the biggest sources of a data breach isn't some unknown or forgotten security issues, it's homo fault.

According to statistics from a CompTIA written report cited by shrm.org, "Man error accounts for 52 percent of the root causes of security breaches." The specific nature of the fault may vary, but some scenarios include:

The use of weak passwords;
Sending sensitive data to the wrong recipients;
Sharing password/business relationship information; and
Falling for phishing scams.

Many of these human errors can be prevented by making sure employees know their bones information security measures. As stated in the SHRM commodity, "experts often say more employee training is needed to address the 'human firewall' issue."

Cause #3: Malware

Malware isn't just a problem for personal computers at the homes of employees, information technology's an ever-expanding threat aimed directly at your company's systems. According to the Verizon DBIR 2015, "v malware events occur every second."

While many of these "malware events" are minor in nature, the sheer number of these events tin can exist worrying.

Besides, there exists an incredible amount of variation between malware samples.

As pointed out in the Verizon DBIR, "we found that 70 to 90% (depending on the source and organisation) of malware samples are unique to a single organisation."

Despite this fact, many malware programs hail from merely a few different "families." According to Verizon, "20 families represented about lxx% of all malware action."

Why? The main reason is that many hackers make modest modifications to existing malware programs to endeavor and make them unrecognizable to antivirus programs while nonetheless producing the intended effect past the hacker.

Cause #4: Insider Misuse

While closely related to human error, this cause of company data is more insidious in nature. Human error implies an innocent accident or mistake. Insider misuse, on the other paw, is the deliberate abuse of your company's systems past an authorized user, typically for personal gain.

As pointed out in Verizon'south 2015 DBIR, "it's all about grabbing some easy Benjamins for these mendacious malefactors, with financial proceeds and convenience being the chief motivators (twoscore% of incidents)."

The result here is that the malicious player is someone in whom your organization has placed trust. Worse withal, every bit pointed out by Verizon's report, "catching insider corruption is not easy… in many of the incidents nosotros reviewed, the insider abuse was discovered during forensic test of user devices after individuals left a visitor."

While preventing insider abuse is virtually incommunicable, impairment can be limited through compartmentalization of information on your network or deject. The fewer files and systems a single user tin can access, the harder it is for them to abuse their admission. However, it tin as well make sharing of necessary information more than difficult as well.

Cause #5: Concrete Theft of a Information-Carrying Device

Concluding on this list, but not the to the lowest degree-threatening, is the concrete theft of a device that holds your company'south sensitive information. This tin can include laptops, desktops, smartphones, tablets, hard drives, thumb drives, CDs & DVDs, or even servers.

The severity of a data breach from a stolen device depends largely on the nature of the information stored on the device. More than sensitive info more often than not equals a more than severe information breach if the device is stolen without being wiped.

Co-ordinate to the Verizon written report, "about of the theft occurred inside the victim'south work area (55% of incidents), but employee-endemic vehicles (22% of incidents" are likewise a common location for thefts to occur."

Most of these thefts are opportunistic in nature, making them difficult to predict. The best solution is oftentimes to reduce the opportunities for removing data-storing devices from the work site.

While there are many dissimilar data breach threats out there, these are a few of the virtually mutual/severe ones.

Demand a secure cloud solution for your visitor's information? Check out WHOA.com's secure deject services.