According to Verizon research, 49 per cent of all breaches in the EMEA region, including Europe, are committed internally. This indicates a high incidence of privilege abuse and other human error.
The Verizon Data Breach Investigations Report analyzes thousands of security incidents each year and can identify essential patterns. Comparing the percentage of 49 to last year’s Verizon survey, it appears to be particularly explosive. Back then, the global average was about 20 per cent. The other incidents then were caused by external parties, such as hackers and former employees.
Internal threats can involve full-time employees, contractors, trainees and other personnel. These insiders are often trusted and subject to privileges (some more than others). However, when legitimate privileges are abused, there is access to data through unapproved or malicious use.
The role of humans
Across the EMEA region, alternating errors, system intrusion, and social engineering are the leading causes of cybersecurity incidents. The most common types of compromised data are personal (64 per cent), internal (33 per cent), and confidential (20 per cent).
Verizon sees that most data breaches involve a non-intentional human act (68 per cent), whether or not a third party is involved. Someone could make a mistake or fall prey to a social engineering attack. Just last year, 74 per cent of leaks involved a human element, a slight decrease. According to Verizon, this may be due to improved reporting practices. 20 per cent of users identified and reported phishing on stimuli, and 11 per cent of users who clicked on the email also reported it.
Also read our article on last year’s Data Breach Investigations Report to compare more numbers.