3 Causes of Security Breaches



Hundreds of security breaches happen every day but, in the end, they fall into 3 main groups:

  1. Malicious, intentional or criminal
  2. System glitches
  3. Human error

The IBM 2015 Cost of Security Breach Survey, conducted by Ponemon Research, attributes 49% to malicious activity, 23% to system glitches and the remaining 28% to human error.

Malicious, intentional or criminal

Just like the old-fashioned theft of physical goods, these attacks are usually well planned and targeted and, for the most part, have a negative impact on the business being targeted.

Many of us have had our email hacked or our phone tampered with by mischievous friends sending inappropriate texts to our contact lists. It can happen to anyone; it’s usually just a matter of time.

Examples include phishing, scams, hacking, fraud, cybercrime, theft of intellectual property (company T&Cs are the most commonly stolen text), data and systems, and diversion of funds. Viruses and system infections are also common. As businesses work hard to prevent data theft by implementing more sophisticated systems, the perpetrators are working just as hard to stay one step ahead.

E-commerce trading operations regularly undergo penetration testing and STAR (simulated targeted attack response) testing. This makes sure that their sites are secure and that they can continue to trade securely.

Just because you are a small business doesn’t mean you aren’t a target. It might not even happen online – invoice fraud is an increasingly real threat.

System Glitches

Why is it that your network and computer were fine when you turned them off last night, but first thing this morning they don’t work? These problems happen; they are illogical and we usually never know the reason why.

Most of the time the problem is solved and everyone gets back to work with a sigh of relief. Investigations should be commonplace but sadly they only happen in a few cases. Where they do happen, it’s this diligent approach to understanding what happened and why that makes an organisation’s systems much stronger.

When a product is badly made, how do you know whether the problem with the ingredients in your production recipe is a ‘system glitch’ or intentional tampering by a disgruntled employee? The only way to find out and stop it happening again is to investigate, find, resolve and monitor.

Human Error

The wonderful thing about people is that they are predictably unpredictable! But for a manager this is a difficult risk to manage: because of its unpredictable nature, you’re unlikely to get any warning signs.

The news is littered with stories of companies where employees have left laptops or paper files on trains, lost phones, shared passwords they shouldn’t have done, posted the wrong information at the wrong time on websites; the list goes on and on. In the USA there is a website dedicated to daily security breaches. It’s a great place to see the full extent of information security risks and a bookmarked site for many IT specialists.

Recent data breach news you may not have heard about…

  • It’s been revealed that the police forces across the United Kingdom are involved in 10 data breaches a week, with Surrey Police the second worst.
  • A recent report states more than 800 employees in the UK’s police forces accessed personal information for no policing purpose, while data was shared inappropriately or without authorisation almost 900 times.
  • A new report by a British House of Commons committee recommends that organisations get control of their supply chains, noting that a 2016 data-breach report found only a third of organisations had cybersecurity standards in place to address third-party vulnerabilities.
  • 58% of UK companies have reported data breaches in the last two years.
  • According to a report from Protenus and DataBreaches.net, there were 29 protected health information breaches in June, including a total of more than 11 million patient records.
  • On average, data breaches cost UK firms £1.2 million.

ISO 27001 is the best practice framework for an Information Security Management System, and is recognised across the world. To find out more about ISO 27001, visit our dedicated service page, or freephone 0800 404 7007 to speak to an expert.

Alternatively, complete an online enquiry form and we’ll get back to you with a quote for becoming ISO 27001 certified.
