March 24, 2009 | Editor

Data Breaches by Threat Categories

A recent study breaks down the threat categories across a caseload of 500+ investigated breaches.

[Figure: breaches by threat category]

Error – Poor decisions, misconfigurations, omissions, non-compliance, process breakdowns, etc. Nearly 80% of breaches within this category are due to omission.

Hacking – Deliberate action against information systems.

Malcode – Malicious software or code found to contribute to the breach in question. Malware was found on many more systems, but was only listed here if it contributed in some way to the breach under investigation.

Misuse – The use of organizational resources and/or privileges for any purpose or in any manner other than what was intended.

Physical – May include theft, loss, sniffing, system access, tampering, observation, or assault/threat. This is quite low for several reasons. First, many breaches that are sourced from a physical threat do not need further investigation, and investigated cases are what this study represents. Second, this study distinguishes data at risk from a data compromise. This differs from many other sites and studies, where lost or stolen data is usually counted as a breach even if there is no evidence that the data was taken or used for malicious purposes.

Deceit – Deliberate misrepresentation, including social engineering. Many of these cases also do not need further investigation, which may be why the number is quite low.

Environmental – While these events are a greater risk to the availability of systems rather than the confidentiality of data, there are cases that include environmental as the source. One example listed is where a power outage caused a system reboot which defaulted a system back to an open configuration that was then exploited.
