Common causes of large breaches (Q1 2019)
Introduction: What’s to be done about data breaches?
With the new focus on digital privacy and data privacy regulations, data breaches are increasingly in the news. The EU’s General Data Privacy Regulation (GDPR) has increased the types of data that are considered sensitive and the penalties for a breach. GDPR and similar regulations, as well as the number of high-profile data breaches, have caused organizations to commit to a greater focus on privacy. Organizations are actively working to decrease their potential exposure to a data breach by beefing up their cybersecurity defenses.
When trying to design and implement a strategy for protecting against data breaches, it’s useful to understand what the most common causes of these breaches are. This article looks at the data from the first quarter of 2019 and classifies breaches into several common categories.
Hands-on threat intel training
Common causes of data breaches
Data breaches involve the release of sensitive data to unauthorized parties. While most people’s first thought when hearing of a data breach is that external attackers have gained access to the organization, data breaches can be caused by a variety of different reasons.
The Identity Theft Resource Center (ITRC) defines seven different causes of data breaches:
- Accidental Web/Internet Exposure: Sensitive data is accidentally placed in a location accessible from the Web. The news stories about improper usage of Amazon S3 permissions (and other cloud storage) fall into this category
- Data on the Move: Securing data in transit is often a challenge for companies. Using HTTP and other insecure protocols is a common cause
- Employee Error/Negligence/Improper Disposal/Lost: This category covers all data breaches caused by employee negligence. Data security policies that are weak and/or unenforced can lead to unintentional data breaches
- Hacking/Intrusion: Data breaches involving an external party (i.e., a hacker) are what most people expect when they hear of a data breach. This category includes phishing, malware/ransomware and skimming
- Insider Theft: This category also deals with employees, but covers cases where insiders are intentionally breaching sensitive data
- Physical Theft: Laptops and mobile devices commonly store sensitive or valuable data. These devices can easily be lost or stolen when brought to public areas
- Unauthorized Access: Poorly designed or implemented access controls can allow people to access data that they are not authorized for
As shown in the list from ITRC, breaches involving external parties gaining access to an organization’s network are only one of several different types of breaches. For the rest of this article, we’ll use the labels defined by the ITRC for classifying breaches.
Causes of large data breaches
Data breaches occur practically every day. According to the ITRC, there were 264 breaches in Q1 2019, or almost three breaches per day on average.
However, we don’t hear about most of these breaches on the news. Only the “huge” breaches make the headlines. In this section, we’ll break down the major causes of breaches in two ways: based on the number of records exposed in a single breach and based on the number of records in exposed in Q1 2019 by each breach type.
Causes of the largest breaches
In Q1 2019, the ITRC recognized eight breaches that exposed at least 100,000 records. These breaches are summarized in the following table.
You can see that while Hacking/Intrusion may be the most common cause of data breaches, that doesn’t make it the most damaging. The FEMA breach exposed more records than all Hacking/Intrusion breaches put together, but it was caused by employee negligence. The second-largest breach (UW Medical) was also not caused by hacking.
Causes of most lost records in March 2019
In March 2019, ITRC began including additional information in their breach reports. This information included a breakdown of the number of records breached in that month, based on the cause of the breach.
As shown, employees were the cause of the majority of breached records in March 2019. While this information is skewed by the fact that 2,300,000 of the breached records were included in a single breach, the fact that the top three causes of breaches can all be considered internal errors means that organizations need to focus on fixing internal process errors as much as they need to devote time and resources to keeping attackers out.
Preventing data breaches
Preventing data breaches from occurring is a major concern for enterprises and other organizations. With the new privacy laws that have come into effect over the last year, businesses are obliged to protect many more types of information than previously, and the penalties for failing to do so are harsher. In fact, the EU’s GDPR gives regulatory authorities the right to penalize organizations for failure to keep proper records even in the absence of a breach.
When attempting to protect sensitive data and prevent data breaches, focusing on measures designed to keep attackers out of the network is important but not sufficient. While the majority of large data breaches were caused by outside attackers, the majority of breached records were leaked due to mistakes made by employees. In addition to perimeter-based defenses against hackers, organizations should also deploy solutions for managing and monitoring access to sensitive data by internal employees.
Hands-on threat intel training
Sources
- Monthly Breach Report: January 2019, Identity Theft Resource Center
- Monthly Breach Report: February 2019, Identity Theft Resource Center
- Monthly Breach Report: March 2019, Identity Theft Resource Center
- Centerstone Insurance and Financial Services d/b/a BenefitMall Notifies Consumers of Data Security Incident, BenefitMall
- Notice of Data Encryption Event, Columbia Surgical Specialists
- Notice of Data Security Incident, UConn Health
- Notice of Data Breach, UW Medicine
- Management Alert – FEMA Did Not Safeguard Disaster Survivors’ Sensitive Personally Identifiable Information (REDACTED), Office of Inspector General
- ZOLL Reports Recent Data Security Incident, PR Newswire
- Data Breach Reports: March 31, 2019, Identity Theft Resource Center
In this Series
- Common causes of large breaches (Q1 2019)
- Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
- Dependency confusion: Compromising the supply chain
- BendyBear: A shellcode attack used for cyberespionage
- ATP group MontysThree uses MT3 toolset in industrial cyberespionage
- BlackBerry exposes threat actor group BAHAMUT: Cyberespionage, phishing and other APTs
- Top 9 cybercrime tactics, techniques and trends in 2020: A recap
- KashmirBlack botnet targets WordPress, Joomla and other popular CMS platforms
- BAHAMUT: Uncovering a massive hack-for-hire cyberespionage group
- Linux security and APTs: Identifying threats and reducing risk
- Top 6 ransomware strains to watch out for in 2020
- 2020 Verizon data breach investigations report: Summary and key findings for security professionals
- How hackers use CAPTCHA to evade automated detection
- The State of Ransomware 2020: Key findings from Sophos & Malwarebytes
- Dark web fraud: How-to guides make cybercrime too easy
- Top 6 malware strains to watch out for in 2020
- Top Cybersecurity Predictions for 2020
- Malware spotlight: What is click fraud?
- What does dark web monitoring really do?
- ThreatMetrix Cybercrime Report: An interview
- Are dark web monitoring services worth it?
- Cybercrime and the underground market [Updated 2019]
- Verizon DBIR 2019 analysis
- The Magecart Cybercrime Group Is Threatening E-Commerce Websites Worldwide
- Russian Cyberspies Target 2018 U.S. Midterm Elections
- The Increasing Threat of Banking Trojans and Cryptojacking
- Leaders’ Meetings: A Privileged Target for Hackers
- Fraud as a Service (FaaS): Everything You Need to Know
- All about SamSam Ransomware
- The Decline of Ransomware and the Rise of Cryptocurrency Mining Malware
- Mechanics Behind Ransomware-as-a-Service
- The Art of Fileless Malware
- ZLAB MALWARE ANALYSIS REPORT: RANSOMWARE-AS-A-SERVICE PLATFORMS
- Which Are the Most Exploited Flaws by Cybercriminal Organizations?
- 5 New Threats Every Organization Should be Prepared for in 2018
- Memcrashed: The Dangerous Trend Behind the Biggest DDoS Attack Ever
- Open source threat intelligence tools & techniques
- Global Cost of Cybercrime on the Rise
- An Enterprise Guide to Using Threat Intelligence for Cyber Defense
- The Five Largest Ransomware Attacks of 2017
- Intellectual Property Crimes in the Dark Web
- Top 5 Smartest Malware Programs
- Is Russian Intelligence Using Tainted Software to Access Corporate and Government Networks?
- Vault 7 Leaks: Inside the CIA's Secret Kingdom (July-August 07)
- DragonFly 2.0: The Alleged Nation-State Actor Hits the Energy Sector Again
- Russian APT Groups Continue Their Stealthy Operations
- Massive Petya Attack: Cybercrime or Information Warfare?
- SAP SECURITY FOR CISO: SAP Attacks and Incidents
- Role of Threat Intelligence in Business World
- WikiLeaks Vault 7 Data Leak: Another Earthquake in the Intelligence Community
- Past and Present Iran-linked Cyber-Espionage Operations
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Threat Intelligence
Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
Threat Intelligence
Threat Intelligence
Threat Intelligence
ATP group MontysThree uses MT3 toolset in industrial cyberespionage