Stories
Slash Boxes
Comments

SoylentNews is people

Study Claims That Company Insiders Are Behind 1 in 4 Data Breaches

posted by chromas on Wednesday April 11 2018, @01:31PM   Printer-friendly
from the 1in4-stats-tend-to-be-legit dept.

Arthur T Knackerbracket has found the following story:

The admins among you will be unsurprised to discover that, more than a quarter of the time, data breaches across the world originated between the chair and the keyboard of organisation "insiders". And no, we don't mean they clicked on a dodgy link...

The latest edition of Verizon's Data Breach Investigations Report (DBIR) found that 25 per cent of all attacks over the year were perpetrated by said insiders and were driven largely by financial gain, espionage and simple mistakes or misuse.

It also reports that organised criminal groups continue to be behind around half of all breaches, while state-affiliated groups were involved in more than one in 10. Financial gain, unsurprisingly, continued to be the top motivation for cybercriminals.

The healthcare industry was found to be at particularly high risk of insider threats through errors and employee misuse – such as medical workers accessing patient records for simple curiosity or fun.

Companies are nearly three times more likely to be breached by social attacks than via actual vulnerabilities, emphasising the need for ongoing employee cybersecurity education.

The report notes a significant trend in social-engineering and "pretexting" attacks targeting finance and HR departments, with nearly 1,500 incidents and nearly 400 confirmed data breaches reported. In these attacks, hackers may seek to convince finance departments to make a transfer of funds by posing as a company CEO.

[...] Simple errors – such as failing to shred confidential information, sending emails to the wrong person or misconfiguring web services – were at the heart of nearly one in five breaches. More than 20 per cent people still click on at least one phishing campaign during a year.

[...] Over two-thirds (68 per cent) of breaches took months or longer to discover.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Study Claims That Company Insiders Are Behind 1 in 4 Data Breaches | Log In/Create an Account | Top | 14 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Insightful) by Arik on Wednesday April 11 2018, @04:12PM

    by Arik (4543) on Wednesday April 11 2018, @04:12PM (#665410) Journal
    "Exactly. The solution is therefore simple: eliminate the users, and your IT problems will be mostly gone."

    "Elimination" sounds a bit extreme but it wouldn't hurt one bit to get the people that don't have a clue and don't want one out of the userbase, one way or another.

    Instead for the past 20 years the industry has been going out of their way to do the exact opposite, and the results have been appalling to say the least.

    I'm reminded of the saying "It isn't that Unix is not user-friendly, it's just choosy about who it's friends are."

    --
    If laughter is the best medicine, who are the best doctors?
    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3