Stories
Slash Boxes
Comments

SoylentNews is people

Study Claims That Company Insiders Are Behind 1 in 4 Data Breaches

posted by chromas on Wednesday April 11 2018, @01:31PM   Printer-friendly
from the 1in4-stats-tend-to-be-legit dept.

Arthur T Knackerbracket has found the following story:

The admins among you will be unsurprised to discover that, more than a quarter of the time, data breaches across the world originated between the chair and the keyboard of organisation "insiders". And no, we don't mean they clicked on a dodgy link...

The latest edition of Verizon's Data Breach Investigations Report (DBIR) found that 25 per cent of all attacks over the year were perpetrated by said insiders and were driven largely by financial gain, espionage and simple mistakes or misuse.

It also reports that organised criminal groups continue to be behind around half of all breaches, while state-affiliated groups were involved in more than one in 10. Financial gain, unsurprisingly, continued to be the top motivation for cybercriminals.

The healthcare industry was found to be at particularly high risk of insider threats through errors and employee misuse – such as medical workers accessing patient records for simple curiosity or fun.

Companies are nearly three times more likely to be breached by social attacks than via actual vulnerabilities, emphasising the need for ongoing employee cybersecurity education.

The report notes a significant trend in social-engineering and "pretexting" attacks targeting finance and HR departments, with nearly 1,500 incidents and nearly 400 confirmed data breaches reported. In these attacks, hackers may seek to convince finance departments to make a transfer of funds by posing as a company CEO.

[...] Simple errors – such as failing to shred confidential information, sending emails to the wrong person or misconfiguring web services – were at the heart of nearly one in five breaches. More than 20 per cent people still click on at least one phishing campaign during a year.

[...] Over two-thirds (68 per cent) of breaches took months or longer to discover.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Study Claims That Company Insiders Are Behind 1 in 4 Data Breaches | Log In/Create an Account | Top | 14 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Wednesday April 11 2018, @10:38PM

    by Anonymous Coward on Wednesday April 11 2018, @10:38PM (#665596)
    • The Market: Voting with your dollars (take your business elsewhere).

    Not everyone who has their data exposed are customers or willing participants. See Experian.

    • Civil Courts: Sue for breach of contract (no contract in place? Go to the market solution.)

    That's a great idea! Let's have regular people spend tens of thousands of dollars on legal fees in an attempt to extract some measure of satisfaction. Oh, and let's not forget arbitration for those who accepted any ToS or EULA. For those who who aren't willing participants ... what contact breach can they sue over?

    • Criminal Courts: Prosecute for fraud in advertising (They never promised good security? Go to the market solution.)

    So you're in favor of prosecuting for fraud, but not for negligence or malicious behavior? What if they have very good lawyers who vetted all advertising to ensure it doesn't say "we will make a reasonable effort to protect your data". For those who aren't willing participants ... what fraud has occurred?