The IT department has conventionally been blamed for the majority of data breaches and incidents in organisations worldwide.
However, the newly released Verizon 2016 Data Breach Investigations Report has found that most of the causes of corporate data breaches continue to play off of human frailty.
In fact, 63% of confirmed data breaches involve leveraging weak, default or stolen passwords.
“Often the reason why criminals were so quick at breaking in was that they already had the key. Social engineering remains worryingly effective—‘click here to reset your banking password’,” the report stated.
It highlighted that almost a third (30%) of phishing messages were opened by professionals—up from 23% in 2014.
And 12% of targets went on to open the malicious attachment or click the link—about the same as 2014 (11%).
“You might say our findings boil down to one common theme — the human element,” said Bryan Sartin, executive director of global security services, Verizon.
“Despite advances in information security research and cyber detection solutions and tools, we continue to see many of the same errors we’ve known about for more than a decade now. How do you reconcile that?”
Adding to the list of human errors are those perpetrated by the organisations themselves. Labeled ‘miscellaneous errors,’ this incident pattern group took the top spot for security incidents in this year’s report.
In fact, 26% of these errors involve sending sensitive info to the wrong person. Other errors in this category included: improper disposal of company information, misconfiguration of IT systems, and lost and stolen assets such as laptops and smartphones.
Of increasing concern to Verizon’s security researchers was the speed with which cybercrime is committed.
In 93% of cases it took attackers minutes or less to compromise systems, and in 28% of cases data exfiltration occurred within minutes.
To help address the situation, the report stated that it is key for HR departments to train staff in handling sensitive data.
“Developing security awareness in your organisation is critical. Include education on physical security of assets as part of the orientation and ongoing training of employees,” it said.