Unsurprisingly, most data breaches are caused by hacking

Security attack
(Image credit: Shutterstock / ozrimoz)

The majority of all data breach incidents were down to pure hack attacks, new research has found.

A report from Flashpoint found that of all the data breach incidents reported during the first half of the year, six in ten (60%) happened due to “hacking” - when a person (or a group) accesses company systems without permission.

All in all, there had been almost 2,000 reported data breaches around the world, in H1 2022, which is most definitely not the exact number of incidents. What’s meaningful about this report, though, is that incidents coming from misconfigurations are down almost 50% year-on-year, from 27.3 to 1.4 billion records. 

Insider attacks

The report also discusses the danger of insider attacks. Apparently, just 23% of all incidents with confirmed origins came from insiders, and of that number, two-thirds (61%) were the result of mistakes with handling data. 

In total, 54 breaches have been confirmed as coming from an insider, with some being relatively painless for the company (credit card theft at the point of sale), and some being outright monstrous (the stealing of proprietary source code and similar).

Insider attacks are often described as one of the biggest threats to companies. Sometimes they’re deliberate (when a disgruntled employee looks to directly deal damage to the company), but most of the time, they’re just the result of an honest mistake, or negligence (for example, losing data via email by sending it to the wrong address, losing external storage devices, smartphone, and laptops, or similar).

This forces organizations not only to keep their web exposure to a bare minimum but also to increase their efforts in stopping unauthorized access as much as possible. 

Flashpoint says they can achieve that goal by improving their intelligence gathering efforts, hardening their systems, and carrying out regular audits.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.