
Global Perspectives

Causes
Question: To what extent can privacy invasion be avoided?

The longer it takes an organization to respond to a data breach, the worse the
damage will be. Undetected breaches give cyber criminals more time inside an
organization's systems, giving them more information and more opportunities to
cause damage.

But how long should it take an organization to identify and address an incident? 

According to the 2021 Cost of a Data Breach Study, it’s 30 days. For incidents
that are dealt with within this timeframe, organizations spend $1 million (about
£930,000) less on average compared to those that took longer.
Unfortunately, the study found that not only do organizations struggle to address a
security incident within 30 days, but many are unable to do so within six months.

In fact, according to the researchers, organizations take 187 days on average to
detect a data breach, during which time the damage will escalate. Paragraph [1]

1: Weak Credentials

The vast majority of data breaches are caused by stolen or weak credentials. If
malicious criminals have your username and password combination, they have an
open door into your network. Because most people reuse passwords,
cybercriminals can use brute force attacks to gain entrance to email, websites, bank
accounts, and other sources of PII or financial information. Paragraph [2]

Stolen passwords are one of the simplest and most common causes of data
breaches. Far too many people rely on predictable phrases like ‘Password1’ and
‘123456’, which means cyber criminals don’t even need to break a sweat to
gain access to sensitive information.
Even moderately secure passwords can be cracked with the help of a computer
program that runs through millions of the most popular credentials, so you need
to think hard to create something original whenever you choose your password.

You’re also vulnerable if you leave your password written down or use the same
phrase for multiple accounts. Paragraph [3]
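
A way to screen new passwords against predictable choices such as ‘Password1’ and ‘123456’, added here as an illustration and not taken from the cited sources. The deny-list is a small constructed sample, and the function name, substitution table and 8-character minimum are assumptions.

```python
import re

# Constructed sample deny-list; a real deployment would load a much larger
# list of commonly used and previously breached passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}

# Undo the character swaps people apply to make a common word look stronger.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e", "$": "s", "5": "s"})


def screen_password(password, username, denylist=COMMON_PASSWORDS, min_length=8):
    """Return the reasons a new password should be rejected (empty list = accept)."""
    reasons = []
    if len(password) < min_length:  # assumed minimum length
        reasons.append("too short")

    lowered = password.lower()
    # 'password1' and 'p@ssw0rd!' both reduce to a deny-listed base word once
    # trailing digits/symbols are stripped and substitutions are undone.
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    forms = {lowered, stripped, stripped.translate(LEET)}
    forms.discard("")  # an all-digit password strips to nothing
    if forms & denylist:
        reasons.append("common password")

    if len(username) >= 3 and username.lower() in lowered:
        reasons.append("contains username")
    return reasons


if __name__ == "__main__":
    for pw in ["Password1", "123456", "P@ssw0rd!", "correct horse battery staple"]:
        print(repr(pw), screen_password(pw, "alice") or "accepted")
```
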

2: Application Vulnerabilities 

Injection: Injection vulnerabilities can occur when a query or command is used to
insert untrusted data into the interpreter via SQL, OS, NoSQL, or LDAP injection.
The hostile data injected through this attack vector tricks the interpreter into
making the application do something it was not designed for.

Broken authentication: When applications incorrectly execute functions related to
session management or user authentication, intruders may be able to compromise
passwords, security keys, or session tokens and permanently or temporarily assume
the identities and permissions of other users.

Sensitive data exposure: Without essential data protection measures including the
encryption of data in transit or at rest, attackers can view, steal, or modify sensitive
data or personally identifiable information (PII) such as credentials, credit card or
social security numbers, and medical information. Unencrypted data is a prime
target for damaging exploits related to identity theft, fraud, and industrial
espionage, to name just a few security vulnerability examples.

XML external entities (XXE): For web applications that parse XML input, a poorly
configured XML parser can be tricked into sending sensitive data to an unauthorized
external entity, i.e., a storage unit such as a hard drive. XXE attacks are used by
hackers to observe critical information, disclose internal files and file shares, scan
internal ports, execute code remotely, and mount denial of service (DoS) attacks.

Broken access control: Broken access control can give website visitors access to
admin panels, servers, databases, and other business-critical applications. This
OWASP Top 10 threat could be used to redirect browsers to other targeted URLs.

Security misconfigurations: According to Gartner, up to 95% of cloud breaches are
the result of human errors. Security setting misconfigurations are one of the biggest
drivers behind that stat. Of the OWASP Top 10, this vulnerability is the most
common.

Cross-site scripting (XSS): Cross-site scripting is also a widespread vulnerability
that affects more than half of all web applications. It occurs when malicious
client-side JavaScript or HTML scripts are injected into a web page and then use the
web application as an attack vector to hijack user sessions, deface websites, or
redirect the victim to sites under the attacker’s control.

Insecure deserialization: Insecure deserialization offers hackers an attack vector
that is most typically used for remote code execution but can also be used to
conduct injection attacks, replay attacks, and attacks utilizing privilege escalation.

Using components with known vulnerabilities: Modern distributed web
applications incorporate open source components, including libraries and
frameworks. Any component with a known vulnerability becomes a weak link that
can impact the security of the entire application.

Insufficient logging and monitoring: The time from attack to detection can take up
to 200 days, or sometimes longer. This window gives cyber thieves plenty of time
to tamper with servers, corrupt databases, steal confidential information, and plant
malicious code if sufficient logging and monitoring is not in place. Paragraph [4]

3: Malicious Activity

Malware is a perfect example of just how simple cybercrime can be. Crooks
purchase a piece of malicious software, find a system that contains a known
vulnerability, plant the malware and scoop up the rewards. What those rewards are
depends on the type of malware. It could be anything from a keylogger, which
tracks what a user types into a machine, to ransomware, which locks a system and
demands payment for the user to regain access. Paragraph [5]

There’s always a chance that someone will try to misuse sensitive information.
That sounds cynical, but unfortunately the lure of financial gain from selling data
on the dark web is too great for many. Employees are also liable to use sensitive
information maliciously if they are disgruntled at work or have left the
organization under poor terms and still have access to its systems. Paragraph [6]

Employees don’t have to act maliciously to commit a data breach. They might
simply make a mistake, such as including the wrong person in the Cc field of an
email, attaching the wrong document or losing a laptop. Paragraph [7]

Consequences Links:

1: https://www.kaspersky.com/resource-center/definitions/data-breach

2: https://www.itgovernance.eu/blog/en/the-most-common-causes-of-data-breaches-and-how-you-can-spot-them

3: https://www.oxitsolutions.co.uk/how-dangerous-are-weak-passwords-to-your-it-infrastructure/#:~:text=Today%27s%20security%20landscape%20shows%20that,data%2C%20personal%20information%20or%20accounts.

4: https://www.upguard.com/blog/common-data-leak-causes

5: https://www.prnewswire.com/news-releases/30-security-breaches-caused-by-weak-passwords-goodfirms-2021-research-301438687.html

6: https://expertinsights.com/insights/the-most-significant-password-breaches/

7: https://www.securden.com/blog/credential-spills-security-breaches.html
