Human error responsible for “two-thirds” of lost data

A new study has found that human error alone was responsible for two-thirds of the compromised records lost in the past year to cyber attackers.

According to IBM X-Force’s latest Threat Intelligence Index, however, the number of records that were breached in total has fallen by nearly a quarter in the last year, with cyber criminals turning their attention to launching new ransomware attacks.

The report estimates that in 2017, 2.9 billion records were accessed by cyber attackers – down 1.1 billion from 2016’s levels – and that ransomware was the “dominant” form that attacks took.

Ransomware came either in a purely money-raising variant, which keeps data encrypted, and so-called “pseudo-ransomware” like the WannaCry and NotPetya attacks, which typically will completely erase a user’s data without trying to extort money.

IBM X-Force’s authors examined hundreds of millions of servers and endpoints around the world to find out more about the vulnerabilities that affected them in 2017.

The report suggests that there was a 424 per cent increase in breaches that arose out of improperly configured cloud infrastructure – almost entirely explicable through human error.

These lapses were, in turn, responsible for 70 per cent of all the compromised records identified by the report’s authors – and indication, they say, that cyber criminals are waking up to the potential for attacking cloud facilities.

Individuals hooked by phishing scams – which entice users to open malicious email links sent through a spam campaign - made up a third of all accidental activity that led to a security breach in the past year.

“Inadvertent insiders were found to be a major issue for security teams to reckon with, stressing that enterprises’ cyber security awareness programs need to keep pace with the changing landscape and provide continued role-based training for all employees,” the report said.