
The 8 Most Common Causes of Data Breaches

Written by

Anurag Anuj

April 19, 2024

Anurag Anuj is a Senior Solutions Engineer on the Akamai India Pre-sales team, specializing in cybersecurity, ransomware protection, and API security. With a wealth of experience in the field, Anurag is dedicated to helping large enterprise organizations fortify their cybersecurity defenses using Akamai's cutting-edge products and solutions.

Data breaches are a prevalent theme in today's headlines — posing significant risks to businesses, their customers, and partners.

Wondering how to protect your organization from this attack trend? One of the first steps to safeguarding your organization’s sensitive data is understanding the primary causes of data breaches.

In this blog post, we’ll explore the eight most common causes of data breaches, including: 

  1. Weak and stolen credentials

  2. Backdoor and application vulnerabilities

  3. Malware

  4. Social engineering

  5. Too many permissions

  6. Ransomware

  7. Improper configuration and exposure via APIs

  8. DNS attacks

We’ll also share key takeaways and strategies for proactively strengthening your organization’s security posture.

Weak and stolen credentials

Although hacking attacks are frequently cited as the leading cause of data breaches, it's often the vulnerability of compromised or weak passwords or personal data that opportunistic hackers exploit. Statistics show that four out of five breaches are partially attributed to the use of weak or stolen passwords.

Key takeaways

The 2023 Verizon Data Breach Investigations Report states that 83% of breaches were perpetrated by external actors. Of these breaches, 49% involved the use of stolen credentials. 

According to research by the Digital Shadows Photon Research team, more than 15 billion stolen credentials are circulating on the internet and dark web. Fifty percent of retail cyberattack victims were extorted, and 25% had their credentials harvested.

Solution: To mitigate the risk of hackers executing an account takeover on sensitive accounts, consider deploying Akamai’s fraud protection tools. These act as proactive defenses, significantly reducing the likelihood of unauthorized access and enhancing the overall security of your accounts.

Akamai Bot Manager is a comprehensive solution that addresses challenges associated with bot traffic on websites and applications. It’s designed to identify, manage, and mitigate both malicious and nonmalicious bot traffic, ensuring a more secure and efficient online experience. Key features and functionalities include:

  • Bot detection and classification

  • Behavioral analysis

  • Bot risk profiling 

  • Real-time bot intelligence

  • Granular bot control 

  • Custom rules and policies

To further protect your organization, it’s also advisable to use a password manager, establish strong passwords, and set up multi-factor authentication (MFA) across computer systems — this way, you can prevent personally identifiable information from getting into the wrong person’s hands.

Backdoor and application vulnerabilities

Exploiting backdoor and application vulnerabilities is a favored strategy among cybercriminals. When software applications are poorly written or network systems are inadequately designed, hackers find open doors that grant them direct access to valuable data and confidential information.

Key takeaways

Web application attacks contribute to 26% of breaches, ranking as the second-most prevalent attack pattern.

On average, malicious bots represent over 60% of all bot traffic on the internet. Moreover, 17% of all cyberattacks target vulnerabilities in web applications. Digital commerce websites are particularly vulnerable, with 75% of fraud and data theft occurring within this sector.

Application-layer attacks spiked by as much as 80% in 2023, with 25,059 CVE vulnerabilities recorded in 2023: 5,000 more than in 2022. Furthermore, 18% of websites are infected with critical severity threats such as backdoors and malicious file modifications.

Solution: Ensure your web application firewall (WAF) is regularly updated and well-managed. It should also use an advanced artificial intelligence (AI) engine to close potential vulnerabilities and maintain a robust defense against unauthorized access.

The WAF should be a robust security solution designed to protect web applications from a variety of cyberthreats, including data breaches. It serves as a barrier between web applications and the internet, scrutinizing and filtering HTTP traffic to identify and mitigate potential vulnerabilities and attacks.

Key features of WAF protection include:

  • Advanced AI-based security policies 

  • Advanced threat intelligence

  • Behavioral analysis 

  • Scalability

  • Adaptive security

Overall, a WAF is a comprehensive security solution that helps organizations secure their web applications, prevent data breaches, and ensure a robust defense against various cyberthreats.

Malware

The prevalence of both direct and indirect malware is increasing. Malware (inherently malicious software) is unintentionally loaded onto a system by users, giving hackers access to exploit not only the affected system but potentially the connected systems as well. This type of malware poses a significant security threat as it allows malicious insiders access to confidential information and provides the ability to steal data for financial gain.

Key takeaways

According to Parachute, threat actors deployed an average of 11.5 attacks per minute, including 1.7 novel malware samples per minute, in 2023. Ninety-two percent of malware was delivered via email or by uploading files onto corporate external systems. In the first half of 2023, 2.8 billion malware attacks occurred, and cybersecurity experts at Sonicware found over 270,228 malware variants that had never been seen before (2022). Roughly 30% of malware breaches are carried out through emails with fake links and attachments (2022).

Solution: Implementing an advanced malware protection solution can significantly enhance online vigilance, reducing the risk that employees will fall victim to malicious software. By leveraging cutting-edge data security in malware detection and prevention, organizations can fortify their data protection defenses against evolving cyberthreats and security breaches.

Social engineering

Cybercriminals and hackers can bypass the effort of creating their own access points by persuading individuals with legitimate data access to do it for them. 

Phone calls, phishing scams, malicious links (often sent via email, text, or social media), and other forms of social engineering are commonly used to manipulate individuals into unwittingly granting access or divulging sensitive information like login credentials to cybercriminals. 

Such information can result in a data leak, in which hackers recycle, reuse, and trade sensitive data like Social Security numbers or personal data for the purpose of identity theft and other illicit activities.

Key takeaways

Social engineering, involving tricks or manipulation, is used in 98% of cyberattacks. According to Verizon’s 2023 report, 10% of security incidents and 17% of data breaches were caused by social engineering. The average organization is targeted by more than 700 social engineering attacks annually.

Solution: Exercise vigilance in sharing sensitive information with external parties. Awareness of the information being shared and verification of legitimacy can serve as a simple yet effective defense against social engineering tactics. Use Akamai Brand Protector and develop a robust risk management plan with simple solutions like MFA to further safeguard your assets and reputation.

Too many permissions

Excessive and complex access permissions present an enticing opportunity for hackers. Businesses that don’t maintain strict control over access within their organization may either have granted inappropriate permissions to individuals or left outdated permissions accessible for potential exploitation by malicious actors. This results in a heightened risk of insider threats and compromised security measures.

Key takeaways

There’s a significant shift in work preferences toward remote and flexible arrangements. Sixteen percent of companies operate fully remotely without a physical office, while 98% of employees want some part of their work to be remote. A total of 12.7% of full-time employees work exclusively from home, while 28.2% work a hybrid model.

Gartner predicts that by 2026, 10% of large enterprises will use the Zero Trust security model — but today, less than 1% of businesses have a mature Zero Trust model.

Phishing is the most common form of cybercrime, with approximately 3.4 billion malicious emails sent every day in 2023. In 2023, BEC attacks skyrocketed, with monthly attacks per 1,000 mailboxes more than doubling to 10.77, a staggering 108% increase compared to 2022. The rate of these attacks peaked in October with a monthly average of 14.57 attacks per 1,000 mailboxes. In 2023, IBM reported that phishing cost $4.9 million per attack.

Solution: Implementing an advanced Zero Trust solution is crucial, as it provides restricted access — reducing the risk of human error and preventing the exposure of excessive data to corporate users. It’s also essential to monitor and protect identity and activity on the external internet by using enterprise DNS security. This approach ensures that users only access the information necessary for their roles while actively safeguarding their identity and actions online.

Ransomware

Ransomware is a type of malicious software designed to block access to a computer system or files until a sum of money, or ransom, is paid. It typically encrypts the victim's files or locks their system, rendering it inaccessible, and then demands payment (often in cryptocurrency) in exchange for restoring access. 

Ensuring the safety and protection of your infrastructure against external threats is paramount. You must be confident that attackers haven’t gained access to your systems and aren’t using them for malicious activities.

Key takeaways

Ransomware attacks have become increasingly common and sophisticated, posing significant threats to data security and financial stability. Ransomware will likely continue to dominate cybercrime in 2024. According to Statista, it was the leading motive for more than 72% of cybersecurity attacks in 2023. 

Quoting IBM, “The share of breaches caused by ransomware grew 41% in the last year and took 49 days longer than average to identify and contain.” The average ransom in 2023 was $1.54 million, which is almost double the 2022 figure of $812,380. 

Solution: Implement a robust visibility and protection solution, such as microsegmentation. Microsegmentation offers a straightforward, fast, and intuitive approach to enforce Zero Trust principles within your network. This solution is designed to prevent lateral movement by visualizing activity in your IT environments, implementing precise microsegmentation policies, and swiftly detecting potential breaches.

Improper configuration and exposure via APIs

Misconfigured settings or parameters encompass various issues such as default passwords, open ports, or weak encryption. Such inadequacies can create vulnerabilities that hackers may exploit to gain unauthorized access to systems or data, leading to security breaches and other malicious activities. Inadequate configuration settings and vulnerabilities in API exposure can pose significant security risks. 

Addressing and rectifying these issues is crucial to preventing unauthorized access and potential data breaches. Implementing proper configuration practices and regularly auditing API security measures are critical steps to enhance overall protection.

Key takeaways

The number of unique API attacks has increased by 60% from Q2 2022 to Q2 2023. APIs account for 83% of all web traffic, making them a prime target for attackers. We also observed some interesting trends globally, with the Europe, Middle East, and Africa (EMEA) region experiencing the greatest ratio of attacks that targeted APIs (47.5%), followed by North America (27.1%) and the Asia-Pacific and Japan (APJ) region (15%). According to a report by VentureBeat, 41% of organizations had an API security incident in the last 12 months, and 63% of those were involved in a data breach or loss.

Solution: To address misconfiguration and exposure via APIs, deploy an advanced API security solution. This offers comprehensive visibility, identifying vulnerabilities and detecting potential threats and abuses related to APIs. Moreover, it assists in protecting against these threats, enabling a proactive approach to security. By adopting such a solution, organizations can move toward a Zero Trust API maturity model, reinforcing their overall API security posture.

DNS attacks

Domain Name System (DNS) attacks are malicious activities that target the DNS infrastructure to disrupt or manipulate the resolution of domain names into IP addresses. These attacks can have various objectives, including causing service disruptions using distributed denial of service (DDoS), redirecting users to malicious websites, or gaining unauthorized access to sensitive information. 

Here are some common types of DNS attacks:

Key takeaways

According to the IDC 2023 DNS Threat Survey, 90% of organizations suffered from a DNS attack in 2023. The average number of DNS attacks per organization was 7.5, and the average cost was US$1.1 million per attack. Seventy-three percent of targeted organizations experienced app downtime as a result of DNS attacks.

Solution: Deploy a strong cloud-based authoritative DNS service to ensure 100% availability and protection against DNS attacks. Implementing best practices and deploying security countermeasures are crucial steps to take when mitigating these attacks. Some measures include:

  • DNS filtering

  • DNSSEC implementation

  • Anycast DNS

  • Rate limiting

  • Regular audits and monitoring

  • 100% availability

  • DDoS absorption

Safeguard against data leaks with the right cybersecurity measures

Data breaches pose a pervasive risk across various sectors, affecting organizations of all sizes and types — from healthcare and finance to ecommerce and retail. 

By proactively identifying potential vulnerabilities, organizations can reduce the likelihood of successful cyberattacks. Investing in robust security measures like a Zero Trust model and Akamai API & App Protector helps mitigate financial risks associated with breaches, such as regulatory fines, legal fees, and revenue loss. 

By minimizing the impact of breaches, organizations can also maintain business continuity — and avoid disruptions to normal operations or damaged reputations. 

Overall, a comprehensive understanding of breach causes and the implementation of appropriate security measures are vital for protecting data, minimizing risk, and ensuring the long-term success of all organizations.


