Talent & Tech Asia Summit 2024
human resources online

63% of data breaches are caused by weak passwords

The IT department has conventionally been blamed for the majority of data breaches and incidents in organisations worldwide.

However, the newly released Verizon 2016 Data Breach Investigations Report has found that most of the causes of corporate data breaches continue to play off of human frailty.

In fact, 63% of confirmed data breaches involve leveraging weak, default or stolen passwords.

"Often the reason why criminals were so quick at breaking in was that they already had the key. Social engineering remains worryingly effective—'click here to reset your banking password,''' the report stated.

It highlighted that almost a third (30%) of phishing messages were opened by professionals—up from 23% in 2014.

And 12% of targets went on to open the malicious attachment or click the link—about the same as 2014 (11%).

“You might say our findings boil down to one common theme -- the human element,” said Bryan Sartin, executive director of global security services, Verizon.

ALSO READ: What HR can do to prevent data breaches and cyber threats

“Despite advances in information security research and cyber detection solutions and tools, we continue to see many of the same errors we’ve known about for more than a decade now. How do you reconcile that?”

Adding to the list of human errors are those perpetrated by the organisations themselves. Labeled ‘miscellaneous errors,’ this incident pattern group took the top spot for security incidents in this year’s report.

In fact, 26% of these errors involve sending sensitive info to the wrong person. Other errors in this category included: improper disposal of company information, misconfiguration of IT systems, and lost and stolen assets such as laptops and smartphones.

Of increasing concern to Verizon’s security researchers was the speed in which cybercrime is committed.

In 93% of cases, it took attackers minutes or less to compromise systems and data exfiltration occurred within minutes in 28% of the cases.

To help aid the situation, the report stated it is key for HR departments to train staff in dealing with sensitive data.

"Developing security awareness in your organisation is critical. Include education on physical security of assets as part of the orientation and ongoing training of employees," it said.

Image: Shutterstock



Follow us on Telegram and on Instagram @humanresourcesonline for all the latest HR and manpower news from around the region!

Related topics

Related articles

Free newsletter

Get the daily lowdown on Asia's top Human Resources stories.

We break down the big and messy topics of the day so you're updated on the most important developments in Asia's Human Resources development – for free.

subscribe now open in new window