It’s easy to assume that all data breaches are the result of criminal activity, but that’s far from true.
A study of data from 2016/17 showed that 92% of security data incidents and 84% of confirmed data breaches were due to accidents or mistakes.
Here are the most common problems leading to leaks of data:
1. Expired Security Certificates
These certificates are an essential component in protecting systems, as Equifax found out the hard way in 2017 when hackers accessed huge amounts of confidential data through an expired certificate. The breach exposed 143 million records containing names, addresses, dates of birth, Social Security numbers, and driver's license numbers.
The data was stolen by hackers who exploited a vulnerability in Equifax’s web servers. If the relevant security certificates had been updated as they should have been, the hackers couldn’t have used that way in.
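One way to catch certificates before they lapse, shown as an added example that is not part of the original article: a Python check that flags expired or soon-to-expire certificates in an inventory. The host names, dates and 30-day renewal window are constructed assumptions.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

WARN_WINDOW = timedelta(days=30)  # assumed renewal lead time

# Constructed sample inventory: (name, notAfter as reported by ssl.getpeercert()).
SAMPLE_INVENTORY = [
    ("portal.example.internal", "Dec 31 23:59:59 2025 GMT"),
    ("inspect.example.internal", "May  1 12:00:00 2024 GMT"),
    ("api.example.internal", "Jun 20 12:00:00 2024 GMT"),
]


def parse_not_after(not_after):
    """Convert a certificate 'notAfter' string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)


def classify(not_after, now):
    """Return EXPIRED, RENEW_SOON or OK for one certificate."""
    expires = parse_not_after(not_after)
    if expires <= now:
        return "EXPIRED"
    return "RENEW_SOON" if expires - now <= WARN_WINDOW else "OK"


def audit(inventory, now=None):
    """List (name, status) for certificates needing action, soonest expiry first."""
    now = now or datetime.now(timezone.utc)
    findings = [(parse_not_after(na), name, classify(na, now)) for name, na in inventory]
    return [(name, status) for _, name, status in sorted(findings) if status != "OK"]


def fetch_not_after(host, port=443, timeout=5.0):
    """Read notAfter from a live TLS endpoint (needs network access).

    An already-expired certificate fails the verified handshake with
    ssl.SSLCertVerificationError; treat that exception as a finding too.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "today"
    for name, status in audit(SAMPLE_INVENTORY, fixed_now):
        print(f"{status:10} {name}")
```

Run on a schedule against the full certificate inventory, a check like this turns renewal into a routine task instead of something discovered after a lapse.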
2. Unsecured Third-Party Vendors
Many websites and complex systems are a mix of the owner’s software plus a variety of third-party plugins, add-ons and linked external services. As in any other part of life, the weakest link determines the safety level of the whole system. If the third parties aren’t adequately secured, then the whole system becomes vulnerable.
3. Poor Email Security
Most hackers still gain access through phishing, that is, sending out emails that entice people to respond in some way that gives the hackers the information they need to access systems. Maybe it’s through a fake quiz that requires a login and password, or an offer of a gift token, etc.
Or it could just be that people haven’t learned the need to use passwords that are unguessable and not to write them down by their desk.
A company named Nightfall, which protects systems data, has created the following article to explain in more detail how accidental data leaks can happen: https://nightfall.ai/resources/accidental-data-leaks/
If you have any experiences with these scams, do let me know by email.