Published Jul 09, 2020 by Xiph
The role humans play in data breaches and what can be done about it
Whether you’re a 14-year-old kid who left their diary under their pillow instead of under lock and key, or an adult who actually wrote down their password and now can’t recall where they left that slip of paper, simple data breaches are all around us. And it’s all filed under human error. In this case, you are the human.
We like to blame data breaches on the intentional rebellion, wrongdoing or dark intentions of hackers, profiteering mega-companies or disgruntled employees. In reality, simple human error is more of a culprit than we’d like to think. In fact, it was the leading cause of data breaches in Australia in 2019. Here’s how and why this is such a pervasive factor:
Phishing, malware and ransomware
Let’s get the obvious out of the way first. Something as simple as clicking on a link that may not seem suspicious to the untrained eye is a major player in human error-related data breaches. Improperly or insufficiently trained employees taking five to browse the web or peruse their personal emails are usually the culprit. Clicking links, opting into random surveys or getting drawn into pop-ups can put an entire company’s data or security system at risk.
A whopping 67% of Australian data breaches
Yes, that’s right. Australians who interact with digital technology at work are suckers for a good phishing trap. Malicious actors who set such traps are mostly in it for financial gain, so it’s unsurprising that financial institutions top the list when it comes to these kinds of data breaches. Second on the list is the health sector. In almost all of these cases, personal contact information was leaked. In 42 per cent, financial details were disclosed. The need for Australian organisations to invest more time and resources into IT best practice is glaring – and we hope that 2020 proves different. More on that in a moment.
Double-check fails
Another aspect of breach-creating human error is a simple lack of carefulness. The reluctance to update or create complex passwords. The failure to properly dispose of personal information. Even something as simple as accidentally typing out the wrong email address or missing the right one by a letter. Again, if employees were appropriately trained to double-check behaviours and practise due diligence while inside the online sphere, and if appropriate safeguards were put in place so that these specific errors couldn’t occur in the first place, then the volume of data breaches would drop dramatically.
Alas, 2020 is already a data-breach extravaganza
While not every single one of the following breaches was the result of pure human error, the majority involved an individual allowing a malicious actor to walk through a virtual backdoor with impunity:
- Jan 2020 – Amazon employees leak customer data to third-party agent (this wasn’t the first time)
- Jan 2020 – Microsoft customer support database leaks online
- Feb 2020 – Yarra Trams commuters’ email addresses are exposed
- Feb 2020 – MGM Resorts exposes personal details of 10.6 million guests
- Mar 2020 – Australian Department of Defence expresses alarm that key members were compromised in database hack, breach downplayed
- Mar 2020 – Melbourne TAFE exposes 55k student and staff files, many containing financial and health data
- Apr 2020 – Zoom breach exposes 500,000 user accounts due to ‘weak’ passwords
- Apr 2020 – Facebook sees millions of profiles turn up for sale on the dark web
- Apr 2020 – Optus faces $40 million class action suit after 50,000 customer details leaked online
- Apr 2020 – WA Police Force sees confidential details of its entire force accessed
- May 2020 – Service NSW suffers targeted attack, emails compromised
- May 2020 – My Health Record system struck by hacker; attempt “failed”
This is merely an abridged version of the full, frightening list.
It’s past the time for action
For organisations and individuals, it’s becoming increasingly clear that data breaches aren’t going away and that human error, while perhaps manageable, is not avoidable. What is avoidable is operating on systems and devices that make hacking, phishing and data leaking a cakewalk. The more the average employee and enterprise cotton on to the fact that there is another way to go about securing data, the less we will see such ongoing digital mayhem.
NCryptCellular operates to offer alternatives that make human error less of a worry; less impactful. We scour the globe for products and solutions that encrypt data in such ways that even if a human makes an error, in almost all cases, the data remains protected.
All that is to say, we can help you erase your mistakes before you make them to keep your data safe.