Examining the Top 5 Causes of Data Breaches

Each year, one of the most eagerly anticipated cybersecurity publications is Verizon’s annual Data Breach Investigations Report (DBIR). Among the useful data and insights in this report, the top causes of data breaches reveal much about the tactics threat actors deploy to steal what is perhaps your most precious company resource: your data. Here’s an analysis of the top five causes of data breaches for 2023.

System Intrusion

System intrusion attacks tend to be multi-phase operations conducted primarily with financial objectives in mind. Ransomware attacks dominate this category of breaches, with threat actors often not just blocking access to data but also exfiltrating it and demanding large payments to prevent them from publishing sensitive information online.

A high-profile example of system intrusion occurred in May 2023 when major U.S. pharmacy services provider PharMerica got hit by ransomware. The PharMerica incident resulted in 5.8 million patients having their medical data stolen.

In system intrusion attacks, the attacker’s technical skill usually comes into play after gaining initial access to a compromised account or system. A variety of technical tools and techniques, such as Mimikatz, assist with evading defenses and escalating privileges to control admin accounts.

Because system intrusion attacks come in multiple phases, they also require multiple layers of defense. Here are some recommended mitigation measures:

● Invest in advanced email and web browser protection

● Deploy and maintain anti-malware programs across your IT environment

● Automatically back up important data, ideally to an off-site location where you also encrypt that data

● Mandate multi-factor authentication (MFA) for remote access apps or externally exposed IT services

Basic Web Application Attacks

It might come as a surprise that basic web application attacks are a common cause of data breaches, but this category of incidents has more to do with bad password hygiene than poor coding practices. Still, a proportion of the breaches also come from exploiting common vulnerabilities, which shows that patch management continues to cause problems for companies.

Common targets here are email services, cloud-hosted web apps and their servers, or team collaboration tools like Slack, because these apps often lead directly to important company information.

Hackers can actively scan for vulnerabilities in Internet-facing apps using freely available tools, and they have many brute-force password cracking techniques to choose from, including credential stuffing, password guessing, and password spraying. There’s also the perennial problem of stolen credentials to contend with; almost 25 billion are circulating on the dark web, many of which remain in use.

Important countermeasures to basic web application attacks include switching on MFA for all user accounts on web apps, continuous vulnerability management, and user education about effective password hygiene.
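The brute-force techniques named above leave different shapes in failed-login telemetry, which is what a defender can alert on. The sketch below is an added example, not code from this article or the DBIR; the event tuple layout, the thresholds, and the names ev and classify_sources are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

T0 = datetime(2023, 6, 1, 9, 0, 0)

def ev(sec, ip, user, ok=False):
    return (T0 + timedelta(seconds=sec), ip, user, ok)

# Constructed sample data: documentation-range IPs, made-up usernames.
SAMPLE_EVENTS = (
    # One source, 12 accounts, one failure each.
    [ev(i * 20, "203.0.113.10", f"user{i:02d}") for i in range(12)]
    # One source, 30 failures against a single account.
    + [ev(i * 5, "198.51.100.7", "admin") for i in range(30)]
    # A user who mistypes twice and then logs in.
    + [ev(0, "192.0.2.44", "alice"), ev(8, "192.0.2.44", "alice"),
       ev(15, "192.0.2.44", "alice", ok=True)]
)

def classify_sources(events, window=timedelta(minutes=10),
                     min_accounts=10, min_per_account=20):
    """Label each source IP by the shape of its failed logins in a sliding window."""
    # Thresholds are illustrative assumptions; tune them to your own baseline.
    failures = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            failures[ip].append((ts, user))
    verdicts = {}
    for ip, rows in failures.items():
        rows.sort()
        in_window, start, verdict = Counter(), 0, "normal"
        for ts, user in rows:
            in_window[user] += 1
            while ts - rows[start][0] > window:  # age out old failures
                in_window[rows[start][1]] -= 1
                start += 1
            active = +in_window  # keep only accounts still inside the window
            if len(active) >= min_accounts:
                # Spraying and stuffing look alike without the submitted passwords.
                verdict = "spraying_or_stuffing"
                break
            if max(active.values()) >= min_per_account:
                verdict = "password_guessing"
        verdicts[ip] = verdict
    return verdicts

if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(SAMPLE_EVENTS).items()):
        print(ip, verdict)
```

A source that spaces its attempts beyond the window stays under these thresholds, which is one reason MFA remains the primary control and detection the backstop.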

Social Engineering

Psychological manipulation remains an effective route to stealing data, as evidenced by the fact that it accounted for 17 percent of breaches in the 2023 DBIR. Increased sophistication in the form of targeted spear phishing emails explains why social engineering is still so effective.

In the context of data breaches, the majority of data compromised in social engineering incidents was user credentials. This makes sense given that successful social engineering is often the starting point for conducting other attacks. However, a large portion of social engineering incidents result in personal and internal company data being directly compromised.

Business email compromise (BEC) is an increasingly widespread and effective social engineering technique. Hackers either directly access business email accounts and send spear-phishing emails to targets, or they create lookalike email addresses and use effective pretexting to dupe targets into disclosing sensitive info.

Combating modern social engineering requires not only effective training and awareness programs but also simulations to gauge employee readiness in real-life contexts. Advanced AI-based email security solutions also carry good potential to detect social engineering.

Internal Errors

One harsh truth to face up to is that human error still plays an outsized role in data breaches. Cloud storage buckets get left wide open, emails containing sensitive information get sent to the wrong recipients, and developers use dodgy open-source projects in their code.

One example in July 2023 saw the online virus scanning company VirusTotal leak data about several thousand customers after an employee mistakenly uploaded a CSV file directly to the website. These kinds of errors happen all the time, and eliminating human fallibility is not possible. What is possible is constantly improving your employee security training programs, with an emphasis on data handling and on secure coding for developers. Back your employees up with other layers of defense, such as security operations centers (SOCs) to react faster to incidents.

Privilege Abuse

While this cause of data breaches represents a far smaller percentage of the total than the previous four, it’s still worth mentioning. Privilege abuse is exactly what it sounds like—employees using their access privileges to steal company information for their own benefit.

While external actors can coerce internal users into stealing data for a large payoff, employees can also become disgruntled with employers, for example immediately after being told they are being laid off. An ex-Apple employee was charged earlier this year for trying to steal proprietary information. One estimate shows that the current trend of layoffs in the technology sector led to a 35 percent increase in employee data theft incidents.

It’s not possible to eliminate privilege abuse, but it is feasible to decrease its likelihood. The best tactic is to limit the number of unnecessary access privileges by ensuring employees only get the exact amount of access to data and other resources that they need to perform their daily work.

How DIESEC Helps Reduce Data Breaches

At DIESEC, we believe it’s critical to keep an eye on data breach causes and how they change from year to year.
Our cyber security services can help reduce data breaches at your company by directly addressing several of the top causes. We offer social engineering simulations, penetration testing, SOC-as-a-service, and more besides.

Contact us to learn more about what we offer.