Apparent reasons: a few examples of why IT security breaches happen

April 7, 2015

Over the last few years we have witnessed a number of high-profile, large-scale security breaches with quite dramatic consequences, such as massive leaks of personally identifiable data. The leaked data ranges from something rather innocuous, albeit displeasing, like the real names of MMO players, to something extremely dangerous, such as credit card and social security numbers. So why does this happen? The reasons may be different in every specific case, but most of the time they can be described with just three words.

Severe Cases

The incidents with Sony PlayStation Network and Sony Pictures, which led to the leakage of terabytes of sensitive data, now feel almost iconic. And while the attacks on their own could be quite sophisticated, the actual reason behind the catastrophic proportions of the leaks is the same in both cases. IT workers at the Sony divisions kept that data less than secure: passwords in plain text, unencrypted documents, folders openly called “Passwords”. In other words, all of these “valuable assets” were lying around in plain sight.

These are the most outrageous cases, directly affecting thousands (sometimes tens or hundreds of thousands, or even millions) of people around the globe.

But there are always more subtle, and less public, incidents happening. They don’t attract the same amount of attention as the Sony Megahacks, but they still lead to leaks of data or financial losses.

What can be done to minimize the risks of “common mistakes” made by employees? Take a look at our practical guide!

Mundane examples

A high-ranking corporate officer has to handle a daunting number of various passwords; unsurprisingly, he uses both his smartphone and tablet to store them. After all, he has to stay connected wherever possible, even when using a laptop isn’t an option.

The most common mistake even rather advanced users make is to re-use passwords for a multitude of resources. It’s not as bad a mistake as using 1234 as a password to a critical e-mail account. It’s probably worse.

But the fact remains: according to Kaspersky Lab’s surveys, 59% of people fail to store their passwords securely, 63% use “easy-to-guess” passwords and up to 39% use the same combination for all their accounts. If hackers get one such password, the domino effect begins.

Mobiles are everywhere, and so are the risks attached. Reducing those risks may seem daunting, but, as our new Practical Guide shows, it is not that much of a chore.

Yet another mundane example

A certain company's CFO had some serious documents on his smartphone. Someone knew about it, so a busy airport and a couple of deft hands were all that was needed to relieve him of both the device and the sensitive information, which later landed in the hands of a top bidder. An artificial scenario, perhaps, but not unrealistic. Regardless of what actually happens to the lost device, it’s a risk in its own right.

A Kaspersky Lab survey shows that 1/3 of businesses have experienced loss or theft of staff mobile devices, and 1/4 of those know they have lost data as a result.

Just Three Words

As said before, the major factors of security breaches generally come down to just three words. What are they? The first one is “bad”, the second is “security”, and the third is “policy”. In other words: misplaced rules, bad password hygiene, unprotected mobile devices, etc.

But “bad” doesn’t mean “impossible to improve.”