Request a Demo
Cygilant Blog

How Do Most Data Breaches Happen?

Posted by Shawn O'Brien on Nov 17, 2016

Companies need to take IT security seriously, and they can start by understanding who's attacking them.
Companies need to take IT security seriously, and they can start by understanding who's attacking them.

Each year companies lose millions of dollars because of data breaches. Not only do businesses lose money because cybercriminals steal critical data but also because these hackers cause often irreversible damage to the organization's reputation. In turn, these companies often struggle to retain and gain customers.

Many different types of IT criminals breach databases, which we'll discuss shortly, but it's critical to first understand what they're looking for and who they're attacking.

Breach Level Index's 2015 annual report noted that the five most common breach types were identity theft (53%), financial access (22%), account access (11%), existential data (10%), and nuisance (4%). The most common industries affected included government organizations (43%), health care companies (19%), other (17%), technology businesses (12%), and retail companies (6%).

"Every industry or person is vulnerable to cyber attacks."

These statistics indicate one thing: Every industry or person is vulnerable to cyber attacks. And that's very scary, especially for businesses that don't have the IT infrastructure in place to ward off IT criminals.

Two questions now remain: Who's conducting these attacks, and how are they doing so?

The sources of attack, according to the report, include malicious outsiders (58%), accidental loss (24%), malicious insiders (14%), hacktivists (2%), and state sponsored organizations or people (2%).

That means cybercriminals outside of an organization are the most likely source of IT attacks. And those numbers are only rising, according to the source.

However, that doesn't mean organizations should only be concerned with updating their IT firewalls. Denis Gorchakov, an IT security expert at Kaspersky Lab, explained that people, not necessarily IT barricades, are the weakest link in an organization. And the data confirms this. Twenty-four percent of data loss occurred because of human error or malicious insiders - people within an organization who are purposely trying to exploit critical personal data.

"The human factor is often the weakest link in corporate IT security," said Gorchakov. "Technology alone is rarely enough to completely protect the organization in a world where attackers don't hesitate to exploit insider vulnerability."

Companies need to protect themselves by not only being on the lookout for rogue employees willing to turn over top-secret information, but also for those who may be making critical errors in data entry or processing. In both situations, managers must rectify the situation by either releasing detrimental workers or training employees on company and industry best practices.

So what we have we learned today? Take IT security seriously. Any industry can experience a cyber attack by a multitude of different personnel who are looking for a variety of information.

How You Can Gain Peace of Mind

EiQ offers two SOCVue® hybrid security-as-a-service solutions that can help organizations of any size affordably and effectively improve their cybersecurity and compliance posture:

  • SOCVue Security Monitoring gives you visibility and control over your IT environment. You’ll get best-of-breed Log Management and SIEM that is managed around-the-clock for real-time threat detection, analysis and notification, proactive remediation guidance, and compliance auditing.
  • SOCVue Vulnerability Management reduces your attack surface and mitigates risk with unlimited managed scans, analysis, risk prioritization, and remediation guidance. Focus on what matters most: your core business.

EiQ’s SOCVue combine the best people, process, and technology to build the enterprise-class IT security program your organization needs. That’s because SOCVue gives you the flexibility and cost savings of a security software-as-a-service offering, but also provides a world-class team of security and technology experts to manage the technology and help implement cybersecurity best practices.

With all the challenges you face today while trying to keep your organization safe, having the best IT security solutions in your corner should not be one of them. Request a demo today to see how quickly and affordably you can improve your security and compliance posture with EiQ.

Request Free Demo Now!

Tags: Cyber Attack, Data Breach, Cybersecurity

Subscribe to Email Updates

Experience how Cygilant SOCVue and 24x7 GSOC Team can help detect threats, prioritize vulnerabilities and apply patches.

Request a Demo

Most Recent Posts

Posts by Topic

See All