The growing threat of data breaches globally has kept businesses on their toes. They occur when important proprietary, sensitive or confidential information is accessed or disclosed in an unauthorized faction. Data breaches can have a deep-lasting effect on a business – they affect the reputation and may hit customer trust. There is also a financial cost of tackling the entire crisis along with the negative press coverage received with the potential for lawsuits. However, companies can protect themselves from these kinds of threats with proper preparations and an understanding of the risks involved.
These are some of the common causes of data breaches:
1. Weak and Stolen Credentials
Weak and stolen credentials, especially passwords, are an important cause of data breaches. Based on the 2017 DBIR, 80 percent of data breaches involve hacking and use stolen passwords. Using strong and complex passwords is especially important and business must educate employees on the same. However, password reuse across sites also remains a problem and must be looked into as well. Businesses should try to implement two-factor authentication to make it harder for attackers to break in.
Phishing remains an important cause of concern for businesses worldwide. Around 43 percent of global data breaches involve phishing and this tactic preys on unsuspecting users to click on malicious, disguised links. These lead to data being downloaded which may compromise the system. Apart from technical training, businesses must train their employees to remain ever vigilant and identify suspicious links, before clicking on them.
3. Pretexting and social engineering
Often, it’s the offers which just seem too good to be true which lead to the most disrupting security breaches. This tactics preys on an individual’s gullibility, offering them some reward or financial windfall for exchange of data. Unsuspecting individuals often provide the data, leaving themselves and businesses at risk. Like phishing, this is a problem which can often be tackled by proper training of employees by organizations.
4. Insider threats
Sometimes, the biggest threat to data security to an organization can come from within. According to the 2017 Verizon Data Breach investigation report, 25% of data breaches involved insiders. These kind of breaches can involve espionage and are a form of human failure. However, the bright side is that these are preventable. Business need to be proactive in this regard and have strong policies and processes regarding important data to deal with these threats.
5. Application Vulnerabilities
Using software that is not updated or patched or applications that are poorly coded and may contain blackholes often leave businesses open to data breaches and vulnerabilities. This can be fixed by implementing basic security hygiene by the IT departments of businesses. System administrators must ensure that all software and applications receive regular updates. They must also keep track of when vulnerabilities in key software is discovered and work proactively to plug these gaps.
Ransomware isn’t a new tactic anymore – the year 2017 saw a spat of high-profile ransomware attacks where IT systems in many countries were affected. The Verizon DBIR pointed out that it was the fifth-most common malware variety, a jump from 22nd, three years back. Vigilance is the best defence against ransomware. Businesses must conduct ransomware awareness trainings to empower employees with the knowledge and information required to combat this threat.
7. Physical theft and loss
Data breaches do not always occur due to digital issues. Sometimes, they may also occur out of physical theft and loss. The cause for this may be unsecured ways in which physical storage devices (pen drives, compact-discs, etc.) may be used. If such devices are not securely used, then they may be at risk of theft or loss. Businesses should have strong policies and systems in place for physical data protection
To protect against these kind of threats, businesses can consider employing a reliable Unified Threat Management (UTM), coupled with Endpoint Security (EPS) and Encryption solutions which help in providing protection against the major causes of data breaches.