Human nature is still the most targeted weakness cyber attackers exploit when hacking a system, according to the Verizon 2016 Data Breach Investigations Report.
Miscellaneous errors by end users account for the largest share (17.7 percent) of data breaches across industries last year, with 26 percent of those incidents involving somebody mistakenly sending sensitive information to the wrong person.
"You might say our findings boil down to one common theme — the human element," said Bryan Sartin, executive director of global security services of Verizon Enterprise Solutions. "Despite advances in information security research and cyber detection solutions and tools, we continue to see many of the same errors we've known about for more than a decade now."
This is the ninth iteration of Verizon's data breach investigations report, which analyzes more than 2,260 confirmed data breaches and more than 100,000 reported security incidents from the past year.
Here are four key findings from Verizon's report.
1. Phishing is becoming more of a concern for organizations. The 2016 report indicated users opened 30 percent of phishing messages, up from 23 percent in last year's report.
2. In 93 percent of security incidents, attackers were able to compromise a system in just minutes or less. Data exfiltration occurred in minutes in 28 percent of cases, but breach victims didn't learn they had been breached for weeks in 83 percent of cases.
3. The breach found 95 percent of breaches fit into the following nine patterns:
- Miscellaneous errors: 17.7 percent
- Insider and privilege misuse: 16.3 percent
- Physical theft and loss: 15.1 percent
- Denial of service: 15.0 percent
- Crimeware: 12.4 percent
- Web app attacks: 8.3 percent
- Point-of-sale intrusions: 0.8 percent
- Cyber-espionage: 0.4 percent
- Payment card skimmers: 0.2 percent
- Everything else: 13.8 percent
4. In healthcare specifically, physical theft and loss, insider and privilege misuse and miscellaneous errors accounted for 73 percent of all data breaches.
More articles on data breaches:
Raleigh Orthopaedic Clinic to pay $750,000 to settle HIPAA violation
While data breach threat grows, companies get better at detecting them
US government at the bottom of the barrel when it comes to cybersecurity: 7 insights