Data breaches are getting worse - and many are coming from a familiar source

News
By
published

Employee errors are still the number one cause of breaches

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
(Image credit: weerapatkiatdumrong / Getty Images)

Hacking an IT network via zero-day vulnerabilities may grab all the headlines, but the vast majority of cybersecurity-related incidents come as a consequence of employee error. 

The latest Verizon Business Data Breach Investigations Report (DBIR) found half (49%) of the incidents across the EMEA region are initiated internally. 

Across the EMEA region, the top reasons for cybersecurity incidents include “miscellaneous errors, system intrusion, and social engineering” (87% of all breaches). 

Zero-days still a major threat

When hackers make their way into an IT network, they mostly steal personal information (64%), followed by internal data (33%), and login credentials (20%). 

But even when data breaches aren’t accidental and include a malicious third party, they are still initiated with a non-malicious human action, Verizon further explains. That means that an employee will either make a mistake, or fall prey to a social engineering attack.

“The persistence of the human element in breaches shows that organizations in EMEA must continue to combat this trend by prioritizing training and raising awareness of cybersecurity best practices,” said Sanjiv Gossain, EMEA Vice President, Verizon Business.

However, the increase in self-reporting is promising and indicates a cultural shift in the importance of cybersecurity awareness among the general workforce.” 

This doesn’t mean that attacks via zero-days are negligible. In fact, globally, the exploitation of vulnerabilities as an initial point of entry increased since last year, accounting for 14% of all breaches, Verizon’s report further stated. This spike was driven mostly by the MOVEit cyberattack, which saw the ransomware actors known as Cl0p abusing a zero-day in the managed file transfer solution to compromise thousands of organizations worldwide, and steal enormous amounts of sensitive information.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.