Misdelivery, Misconfiguration and Publishing errors continue to be the headliners, and the errors that lead to breaches are most often committed by System admins and Developers.
Employees continue to make mistakes, and sometimes they result in considerable damage to their organizations.
Frequency | 602 incidents, 512 with confirmed data disclosure |
Threat actors | Internal (99%), Partner (2%), Multiple (1%), External (1%) (breaches) |
Data compromised | Personal (89%), Medical (19%), Other (10%), Bank (10%) (breaches) |
The great English poet and essayist, Alexander Pope once quipped, “It is hard to hire people who don’t screw things up.” Well, it was something more or less along those lines—just take our word for it. Regardless of who said (or did not say) what, the Miscellaneous Errors pattern continues to comprise a decent chunk of our breach data. If you are a “glass half full” kind of reader, you may take comfort in the fact that this year, error-related breaches are down to 9% as opposed to 13% last year. If you are a “glass half empty” reader, you may simply attribute it to reporting since last year we had 715 error incidents and 708 with confirmed data disclosure as opposed to 602 incidents, with 512 confirmed breaches this year.
Perhaps “favorite” is too strong a word. Misdelivery (sending something to the wrong recipient) accounts for 43% of breach-related errors in our dataset (Figure 41). Publishing errors (showing something to the wrong audience) are in second place at 23%. Finally, Misconfiguration, the much-loved action type of the lazy person, comes in third and accounts for 21% of error-related breaches. This might tempt us to think that people are unreliable—perish the thought. However, you can rely on them to at least keep things interesting by switching up their mistakes to help keep you on your toes.
In fact, as Figure 41 illustrates, Misconfiguration and Misdelivery have ebbed and flowed over the last few years as if they were part of the choreographed dance of celestial bodies. In last year’s report, Misdelivery and Misconfiguration converged, but this year Misdelivery is in the ascendancy,[42] whereas our old faithful dog, the Publishing error, is once again meeting Misconfiguration on its downward slope.
If we drill down a little deeper (Figure 42), it’s easy to see that these three Error types have won the popularity contest by a wide margin. However, the team is saddened to see that Gaffe is always at or near the bottom (considering how many of those we make ourselves).
As illustrated in Figure 43, the majority of errors that lead to breaches are committed by Developers and System admins, along with a sprinkling of End-users. Given the Error action types that are most often found in breaches, it is hardly surprising that those who have more responsibility for maintaining the data and the upkeep of the environment are also those who are most frequently responsible. Speaking of responsibility, the error vector of Carelessness appeared in 98% of cases. Yikes! Maybe Pope was on to something.
Control data | Data Protection [3] |
Secure infrastructure | Continuous Vulnerability Management [7]; Application Software Security [16] |
Train employees | Security Awareness and Skills Training [14]; Application Software Security [16] |
[42] If you were born under the sign of Misdelivery you should expect good news soon. 3, 9, 13 and 33 are your lucky numbers.