The Most Common Ways Our Data Is Breached

Verizon’s 2014 Data Breach Investigations Report reveals that nine types of attacks are responsible for 92% of 100,000 incidents during the past 10 years.. The nine attacks are Web app attacks, cyber-espionage, point of sale intrusions, physical theft, crimeware, miscellaneous errors, and “everything else.”

In 2013, the most common technique was the Web app attack, which accounted for 35% of data breaches. Additionally, two-thirds of data breaches involved stolen passwords or misused credentials. In essence, hackers would find out the password to an Internet content management system like WordPress or Drupal, and then impersonate a valid user.

Spying

Of the attacks, 65% were done for motives that Verizon calls for purposes of “ideology or fun.” About 33% of the attacks involved attempting to hack into something for financial gain. Twenty-two percent of attacks were for espionage in any form. Eleven percent of espionage is done by criminal organizations, and 87% is by various governments. The U.S. was the biggest target for cyberspying, with 49% of the attacks from Eastern Asia and 21% from Eastern Europe, in particular Russian-speaking countries.

Most Attacks Caused by Human Error

Verizon gathered data from more than 50 organizations across the world as well as its own research, and found that in 2013, there were at least 1,367 confirmed data breaches, along with more than 63,000 security incidents. Cyberattacks against global governments account for 13% of all breaches and 75% of incidents.

For the public sector, of the nine factors that Verizon identifies as the most common ways hackers infiltrate a target, the most frequent (34% of cases) is a miscellaneous error. The next highest is insider misuse, at 23%, followed by crimeware and theft, at 21% and 19%, respectively. The next highest is only 2% of cases, which is “everything else.”

Typically, the entity responsible for the error is an administrator, at 43% of cases.

US Government Skewing the Data?

Typically, a miscellaneous error involves delivering data to the wrong recipient.

“According to our sample, government organizations frequently deliver non-public information to the wrong recipient…Why is that number so large?” Verizon asked in its report. “The United States federal government is the largest employer in that country, and maintains a massive volume of data on both its employees and constituents, so one can expect a high number of misdelivery incidents.”

In other words, the data might be skewed by the government.

If you’re worried about a data breach affecting you, the most important way to protect yourself is to consistently monitor your financial accounts and your credit. You can monitor two of your credit scores for free every month on Credit.com. A significant, unexpected change in your score could signal identity theft and you should check your credit reports (you can get free copies once a year) to confirm.