SoylentNews is people

posted by chromas on Wednesday April 11 2018, @01:31PM
from the 1in4-stats-tend-to-be-legit dept.

The admins among you will be unsurprised to discover that, more than a quarter of the time, data breaches across the world originated between the chair and the keyboard of organisation "insiders". And no, we don't mean they clicked on a dodgy link...

The latest edition of Verizon's Data Breach Investigations Report (DBIR) found that 25 per cent of all attacks over the year were perpetrated by said insiders and were driven largely by financial gain, espionage and simple mistakes or misuse.

It also reports that organised criminal groups continue to be behind around half of all breaches, while state-affiliated groups were involved in more than one in 10. Financial gain, unsurprisingly, continued to be the top motivation for cybercriminals.

The healthcare industry was found to be at particularly high risk of insider threats through errors and employee misuse – such as medical workers accessing patient records for simple curiosity or fun.

Companies are nearly three times more likely to be breached by social attacks than via actual vulnerabilities, emphasising the need for ongoing employee cybersecurity education.

The report notes a significant trend in social-engineering and "pretexting" attacks targeting finance and HR departments, with nearly 1,500 incidents and nearly 400 confirmed data breaches reported. In these attacks, hackers may seek to convince finance departments to make a transfer of funds by posing as a company CEO.

[...] Simple errors – such as failing to shred confidential information, sending emails to the wrong person or misconfiguring web services – were at the heart of nearly one in five breaches. More than 20 per cent of people still click on at least one phishing campaign during a year.

[...] Over two-thirds (68 per cent) of breaches took months or longer to discover.


  • (Score: 3, Interesting) by Thexalon on Wednesday April 11 2018, @02:31PM (2 children)

    by Thexalon (636) on Wednesday April 11 2018, @02:31PM (#665376)

    I would have figured it would be a much higher percentage than that. Which is why the Principle of Least Privilege is important.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
  • (Score: 2) by Runaway1956 on Wednesday April 11 2018, @02:50PM (1 child)

    by Runaway1956 (2926) on Wednesday April 11 2018, @02:50PM (#665380)

    It probably is much higher than that. Most likely, they aren't counting incompetent IT, or careless IT, or IT personnel who just don't give a damn. Not to mention, the IT guy who simply made a mistake. Yes, even competent, careful, disciplined workers can occasionally make a simple mistake.

    • (Score: 2) by frojack on Wednesday April 11 2018, @06:36PM

      by frojack (1554) on Wednesday April 11 2018, @06:36PM (#665465)

      Sure, blame it on IT. Never mind the order in writing from the CEO to allow XYZ corp unfettered access to the database per contract 2743876B.

      --
      No, you are mistaken. I've always had this sig.