Thursday, May 23, 2024

Report hinges data breaches on human errors

Must read

Human errors have been identified as the major cause of data breaches globally.

A report noted that human errors continue to be a persistent chink in the armour for companies in 2023, leaving the front door open for cybercriminals.

According to the new data breach report from Verizon Business, which also found that (at last) users are increasingly aware of, and reporting, their mistakes, called for more preventive actions.

The latest Data Breach Investigations Report (DBIR), which looks at the state of cybersecurity in 2023, revealed that some 68 per cent of global breaches, regardless of whether they included a third party or not, involved a non-malicious human action, such as a person making an error or becoming a victim of a social engineering attack.

While this percentage is about the same as the figure for 2022, the business arm of the U.S operator highlighted that users have made positive progress when it comes to reporting the root causes of such incidents: 20 per cent of users identified and reported phishing in simulation engagements, and 11 per cent of users who clicked on a malicious email reported it.

Another finding suggested that almost half of the breaches in Europe, the Middle East and Africa (EMEA) were initiated internally, which suggests “high incidences of privilege misuse and other human errors.”

The main reasons for cybersecurity incidents in the region were miscellaneous errors, system intrusion and social engineering, which accounted for 87 per cent of breaches. And the most common types of data compromised in the past year were personal (64 per cent), internal (33 per cent) and credentials (20 per cent).

Group Vice President and head of EMEA at Verizon Business, Sanjiv Gossain, said: “The persistence of the human element in breaches shows that organisations in EMEA must continue to combat this trend by prioritising training and raising awareness of cybersecurity best practices. However, the increase in self-reporting is promising and indicates a cultural shift in the importance of cybersecurity awareness among the general workforce.”

The report further suggested that one of the fastest-growing cybersecurity threats is the exploitation of vulnerabilities: It has nearly tripled from its level in 2022, and last year accounted for 14 per cent of all breaches. According to the report, this was due to “the increasing frequency of attacks targeting vulnerabilities on unpatched systems and devices (zero-day vulnerabilities) by ransomware actors.”

In the Asia Pacific (APAC) region, 25 per cent of attacks were motivated by espionage – significantly higher than the six per cent and four per cent espionage levels in Europe and North America respectively.

Senior Director of Cybersecurity Consulting at Verizon Business, Chris Novak, explained: “Since so much of cyber espionage can be defined as an advanced persistent threat, it’s especially important for organisations in APAC to continuously refresh their security protocols to thwart the long-term collection of sensitive data by threat actors.”

He urged organisations to review their third-party networks as “sensitive information with national security implications can sometimes be accessed via organisations with more lax cybersecurity practices, such as academic institutions and research facilities.”

For its latest report, Verizon Business analysed “a record-high” 30,458 security incidents and 10,626 confirmed breaches that took place in 2023 – a two-fold increase in 2022.

Latest article