Verizon recently spread light on the evolution of cybercrime and an increasing number of data breaches in their Data Breach Investigation Report 2018 and revealed that hackers are getting smarter day by day. The report also shows some interesting facts which are stating that “human carelessness” plays a major role in accelerating such crime rates and thus, allows cybercriminals to gain access to the company’s sensitive information.
This report also justifies the requisite urge of strengthening cybersecurity laws as data breaches are becoming more noxious with each day passing. Organizations do understand the value of their business data and thus invests a lot of their time in managing in-house security systems. However sometimes, what brings disaster is not false security laws or implications but the imbalance between people and technology.
What is Data Breach?
The most basic definition of Data Breach is when a piece of secure information, whether intentionally or unintentionally, shared with any external/untrusted party without any prior knowledge to the person to which it legally belongs. Originally it is just a part of big cybercrime but eventually, results in compromising the overall online privacy of many organizations.
No matter how secure your data is, hackers always find their way out to spill it and misuse all of your vital information for earning profits. Therefore, to limit such data losses, narrowing complexity within the business environment always helps.
What Role Does Human Error Play in Breach?
We all are well-aware of the fact that technology is extending its roots more rigidly than ever before. Although, it is also true that we cannot rely on technology alone for restricting upcoming cyber attacks or, protecting sensitive data. In order to avail of your identity and sensitive data, hackers frequently target human beings as they’re easier to attack and exploit.
“It is peculiar to believe that human beings are the weakest block in the cybersecurity structure as well as the supreme hope for preventing the system from disastrous cyber attacks.”
According to a study by CompTIA, it is revealed that human errors are responsible for 52% of the security breaches held alone in the U.S. Among 52% of the root cause, “end-user failure to follow policies and procedures”, “general carelessness”, “failure to get up to speed on new threats”, “lack of expertise with websites/applications” and “IT staff failure to follow policies and procedures” were some of the most common issues reported by the surveyed employees.
It is equally surprising to know that human errors have contributed to some of the largest enterprise data breaches ever noticed in the past. Despite the misuse of encryption or any other security practice, it is very strange to notice how human error affects the whole business model in each case.
Let’s get aware of some of the well-known mega-breaches!!
eBay — The Late Spring Credential Lost Scam
In the year 2014, news came out that around 100 employees of the renowned e-commerce website, eBay, have lost their access to accounts as hackers steal the credentials in order to get hands-on eBay’s internal networks. Later on, it was determined that a group of hackers targeted a company’s sensitive information with the help of the phishing attack. Not only did they gain access to eBay’s internal networks, but they also, steal confidential data including names, passwords, email addresses, physical addresses and other personal information of 145 million customers. The attackers kept their hold on eBay’s systems straight for 229 days.
Due to this breach, eBay lowered its annual sales target to $200 million USD. The company also struggled to reacquire the trust and brand name after this unfortunate cyber attack.
Sony Pictures Entertainment — Fake Apple ID Verification Emails Scam
Once again in the year 2014, attackers dropped fake Apple ID verification emails to many of Sony’s top executives. Followed by the emails, each targeted executive lost their Apple credentials as every single email sent by the attackers was linked to a phishing site. The attackers then tried the same set of credentials on employees’ LinkedIn accounts and abused those who were linked with the same username and passwords. After gaining access, the hackers crippled the whole company’s networks and obtained 100 terabytes of the data with the help of wiper malware. Later on, hackers posted the stolen data online, which resulted in heavy losses to Sony.
Including the huge loss of client’s data, Sony Pictures Entertainment spent $35 million in total to repair their IT systems. It is also said that the total amount of breach loss is significantly higher than that of the repairing.
Home Depot — Exploited Weakness of Third-party Vendor
Using the third-party vendor’s stolen username and password, attackers successfully entered into the premises of the retailer’s network. After getting into the perimeter, they infected 7,500 self-checkout systems with malware residing in the United States and Canada.
This breach alone caused an estimated loss of 0.01% of its annual sale as 56 million customers’ credit and debit card details were compromised. Home Depot had to pay $28 million as the penalty amount followed by insurance reimbursement of $15 million.
Pentagon — Spear-phishing Attack Scam
In the mid of 2015, attackers targeted the Pentagon with a spear-phishing attack and have successfully hacked the joint staff unclassified email system of the administrative building. The hackers did a combined attack consisting of encrypted social media accounts and an automated information gathering system that potentially piled up a massive amount of data and spread it online within a minute. It is best-believed that Russian attackers coordinated the scam in order to avail of internal information of the U.S.
The 2015’s spear-phishing attack compelled Pentagon to shut down its email system for two weeks due to which 4,000 military and civilian personnel (in approx) were affected.
Assuredly, every organization follows encryption strategies to protect their business data from outer threats. But the imbalance between advanced security strategies and human carelessness can cause big data breach attacks which will eventually harm the overall business.
After acknowledging the above-mentioned four well-known data breaches, it is understood that human error holds the potential to impact the strongest of security strategies. Most of the cybersecurity experts believe that automation is the only way to reduce the risks of such human errors which can ruin the whole business stability within a small instant of time.