Friday, March 31, 2017
Human Factors Play Major Role in Data Breaches
According to Verizon’s recent 2017 Data Breach Digest, a 99-page report by the company’s data breach investigation team, breaches are becoming more complex and now touch every part of an organization. The Digest describes 16 common breach scenarios, divided into four clustered groupings: (1) the human element; (2) device misuse or tampering; (3) configuration exploitation; and (4) malicious software. Verizon data indicates that the human element was the major vulnerability relied upon in one-third of confirmed data breaches, ranking behind hacking and malware, while also being a factor in up to one-half of all breaches. Tactics and techniques used to exploit the human element include phishing (92%), pretexting (42%) and bribery/solicitation (3%). Email is overwhelmingly the primary means of communicating with targets, highlighting the importance of employee education and training across the organization, as well as the need for multi-factor authentication.