Verizon recently released a report of the top 9 causes of data breaches so far this year. While some are highly sophisticated attempts to access large systems, or direct ways to steal money, a lot can be learned for small business from these trends
So, what do the top 9 causes of data breaches look like?
9. Denial of Service
DDoS attacks accounted for only 0.1% of confirmed data breaches and 3.9% of total incidents. The attacks were primarily activist attacks. While only accounting for a small percentage of overall attacks, there was a dramatic increase in DDoS attacks over the year before, with twice the number of incidents reported.
8. Payment Card Skimmers
Payment card skimmers accounted for 3.1% of confirmed breaches. Naturally, these attacks primarily affect the financial services and retail sectors. While detection times are improving, attackers also are becoming more innovative, embracing Bluetooth and mobile devices.
7. Physical Theft / Loss
Physical theft and loss accounted for 15.3% of overall incidents. The thefts appeared to be mostly in the health care and public sector. Most of the theft and loss happened within the work area, with 55% of incidents reported there.
6. Micellaneous Errors
Miscellaneous errors accounted for 29.4% of all incidents. Most miscellaneous errors were things like sensitive information sent to incorrect recipients, publishing nonpublic data to public web servers, and insecure disposal of personal and medical data.
5. Web App Attacks
Web app attacks accounted for 4.1% of incidents overall - driven mostly by a motive for financial gain. Two-thirds of those attacks were secondary attacks - meaning they were designed to get access to some other primary data. And , nearly every attack (98%) was opportunistic. Some top web app attacks included use of stolen credit cards, use of back door or C2, SQL injections.
4. Insider Misuse
Insider misuse accounted for 20.6% of total incidents. The majority of insider misuse was privilege abuse. The main culprits of inside misuse included end users, cashiers, finance and executives.
3. Cyber-Espionage
Cyber-espionage accounted for 0.8% of total incidents. The attacks were targeted primarily at the manufacturing, public-sector and professional industries, looking to gain secrets, credentials, internal and systems data. The breaches were primarily carried out using email attachments, email links and web drive-by.
2. Crimeware
The second highest cause of data breaches is Crimeware, which accounted for 25.1% of total incidents. This can be defined as malware attacks that were not point-of-sale or cyberespionage. The vast majority of these attacks were C2, although a significant amount was also DOS, back-door and spyware/keylogger attacks.
1. Point of Sale Intrusions
Ranking No. 1 is point-of-sale intrusions, which accounted for 28.5% of confirmed data breaches. Attacks on POS systems mainly focus on swiping cards to collect revenue. The attack methods are becoming more varied, even against small businesses.