Stories
Slash Boxes
Comments

SoylentNews is people

posted by chromas on Wednesday April 11 2018, @01:31PM   Printer-friendly
from the 1in4-stats-tend-to-be-legit dept.

The admins among you will be unsurprised to discover that, more than a quarter of the time, data breaches across the world originated between the chair and the keyboard of organisation "insiders". And no, we don't mean they clicked on a dodgy link...

The latest edition of Verizon's Data Breach Investigations Report (DBIR) found that 25 per cent of all attacks over the year were perpetrated by said insiders and were driven largely by financial gain, espionage and simple mistakes or misuse.

It also reports that organised criminal groups continue to be behind around half of all breaches, while state-affiliated groups were involved in more than one in 10. Financial gain, unsurprisingly, continued to be the top motivation for cybercriminals.

The healthcare industry was found to be at particularly high risk of insider threats through errors and employee misuse – such as medical workers accessing patient records for simple curiosity or fun.

Companies are nearly three times more likely to be breached by social attacks than via actual vulnerabilities, emphasising the need for ongoing employee cybersecurity education.

The report notes a significant trend in social-engineering and "pretexting" attacks targeting finance and HR departments, with nearly 1,500 incidents and nearly 400 confirmed data breaches reported. In these attacks, hackers may seek to convince finance departments to make a transfer of funds by posing as a company CEO.

[...] Simple errors – such as failing to shred confidential information, sending emails to the wrong person or misconfiguring web services – were at the heart of nearly one in five breaches. More than 20 per cent people still click on at least one phishing campaign during a year.

[...] Over two-thirds (68 per cent) of breaches took months or longer to discover.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Funny) by Anonymous Coward on Wednesday April 11 2018, @04:29PM (4 children)

    by Anonymous Coward on Wednesday April 11 2018, @04:29PM (#665420)

    I find your views interesting and would like to subscribe to your newsletter ... but I'm afraid you will purposely leak my data to other organizations. What? That's not a "breach", it's a business model?

    Starting Score:    0  points
    Moderation   +2  
       Funny=1, Touché=1, Total=2
    Extra 'Funny' Modifier   0  

    Total Score:   2  
  • (Score: 2) by JNCF on Wednesday April 11 2018, @04:37PM (3 children)

    by JNCF (4317) on Wednesday April 11 2018, @04:37PM (#665424) Journal

    Hmm, if only there was a technical solution to your problem that didn't require bureaucratic oversight. Some way to subscribe to newsletters without sharing any identifiable personal information... too bad, we'll just have to legislate the problem away. Quick, bring me my curly wig and gavel! Whatever laws we come up with will surely be more secure than an RSS feed or a throwaway email address accessed over TOR.

    • (Score: 0) by Anonymous Coward on Wednesday April 11 2018, @07:55PM (2 children)

      by Anonymous Coward on Wednesday April 11 2018, @07:55PM (#665507)

      Your ridiculous overreaction (trolling as it may be) is one reason why there can't be any real discussions on why both the individual and the companies share responsibility in controlling the individual's data. Making companies accountable for their negligence and/or malicious behavior is not a bad thing. We do it to people everyday.

      • (Score: 0) by Anonymous Coward on Wednesday April 11 2018, @08:20PM (1 child)

        by Anonymous Coward on Wednesday April 11 2018, @08:20PM (#665522)
        • The Market: Voting with your dollars (take your business elsewhere).

        • Civil Courts: Sue for breach of contract (no contract in place? Go to the market solution.)

        • Criminal Courts: Prosecute for fraud in advertising (They never promised good security? Go to the market solution.)

        • (Score: 0) by Anonymous Coward on Wednesday April 11 2018, @10:38PM

          by Anonymous Coward on Wednesday April 11 2018, @10:38PM (#665596)
          • The Market: Voting with your dollars (take your business elsewhere).

          Not everyone who has their data exposed are customers or willing participants. See Experian.

          • Civil Courts: Sue for breach of contract (no contract in place? Go to the market solution.)

          That's a great idea! Let's have regular people spend tens of thousands of dollars on legal fees in an attempt to extract some measure of satisfaction. Oh, and let's not forget arbitration for those who accepted any ToS or EULA. For those who who aren't willing participants ... what contact breach can they sue over?

          • Criminal Courts: Prosecute for fraud in advertising (They never promised good security? Go to the market solution.)

          So you're in favor of prosecuting for fraud, but not for negligence or malicious behavior? What if they have very good lawyers who vetted all advertising to ensure it doesn't say "we will make a reasonable effort to protect your data". For those who aren't willing participants ... what fraud has occurred?