Data breaches are frightening. Just imagine purchasing something online and, a month later, receiving an email saying your credit card info might have been stolen. What’s even worse is that some data breaches go unreported. You only learn about it if somebody tries to use your personal info. While data breaches vary in severity, they are never a pleasant thought. Everybody wants their personal data locked away nice and secure.
Unfortunately, it’s impossible to have a 100% secure system. Data breaches do and will continue to happen, and there’s nothing anybody can do about it.
However, what we can do is learn how data gets compromised and minimise the frequency and impact of data breaches. That’s why we’ll cover the top most common causes behind a data breach.
Having an insecure system is like sending out invitations to attackers who can’t wait to try out all the tricks and see if anything works.
Again, no system is 100% secure, but anybody concerned about security should do their part to keep things as tight as possible.
This mostly comes down to patching up all known security vulnerabilities. There are hundreds of common vulnerabilities hackers often exploit, with more added by the day. Patching all of these up ensures your system is not an easy target.
You’d think this wouldn’t be much of a problem, but hackers successfully exploit such vulnerabilities all the time. Despite this, even leading companies often run outdated software, so this is definitely worth a mention.
Human error is the reason behind 27% of data breaches. You can have the most secure system in the world, but if the people using it don’t observe good security practices, no security measures can help.
The most obvious error here is using weak passwords. Passwords like “password” or “123456” make it easy for anyone to access your account.
Of course, it doesn’t stop there. Human error also covers sharing data with an unauthorised individual or falling for one of the many Internet scams.
It might sound incredulous that somebody whose job is to work with tech would fall for a phishing scam. Yet, this is exactly how the biggest data breach in history happened. The Yahoo breach started with a phishing email and ended with 3 billion accounts compromised.
This just goes to show the greatest vulnerability in the system is often the person using it.
As security evolves, so do the means to breach it. Hackers restlessly work on creating new malware that can get under the radars of antivirus software.
The idea is simple:
A user unknowingly downloads a piece of software to their machine. This software then causes problems for them and potentially gives someone else access to their computer.
There’s not much to say here except that malware is a huge problem. Malware will, without a doubt, remain one of the biggest causes of data breaches in the years to come.
That’s why it pays off to be careful on the Internet. You never know who might gain access to your system if you use unsecured websites or download data from dubious sources.
This type of breach might not be as well-known as others. Still, insiders are responsible for around 43% of all stolen data, and it’s almost impossible to prevent.
But what exactly is it?
Here’s the thing:
An insider in a company or organisation purposefully shares sensitive data with somebody unauthorised to see it. The data could be anything from account credentials to credit card data to classified government documents.
Needless to say, this should terrify any business owner. A disgruntled employee could potentially make off with hundreds of credit card numbers. As it’s nearly impossible to predict if there’s an insider stealing data until it actually happens, this is one of the biggest problems in the world of data security.
This is a much more straightforward approach than hacking into a system. In this case, attackers aim to make off with a piece of hardware containing data or at least copy the data directly to a storage device.
Again, this type of attack is almost impossible to predict. An example almost everyone knows is Edward Snowden leaking NSA files by sneaking them out on a few thumb drives.
Admittedly, some companies like AWS have taken measures against this. Their data storage devices are all installed, accessed, and disposed of according to a strict protocol.
The servers are set to shut down automatically if anyone attempts to copy the data on them. This makes physical attacks practically impossible.
Unfortunately, implementing these measures is too complicated for most companies. That’s why physical attacks are and will remain a threat for the foreseeable future.
Those are the four most common causes of data breaches. If companies, organisations, or individuals want to ensure maximum safety of the data they store, they need to keep them in mind.
While preventing some of these data breaches might prove a difficult task, preventing other types of vulnerabilities is feasible for anyone. After all, security is one of the most important things in the world of computers—it pays off to do as much as possible to improve it.
I was the co-founder of all-hotels.com and the co-founder and CEO of graphicmail.com. The vision for PrivIQ inspired me to hang up my skis and get back behind a computer. As often as I can, I get into the mountains to ski, cycle and climb.
There has been an explosion of global data protection regulations.
We’ve expanded our compliance framework to enable multiple regulations.
We’ve outgrown GDPR alone, so we’re changing our name to PrivIQ to reflect that and to focus on providing “Intelligent Compliance, Simply.”