Data breaches refer to security incidents where sensitive, protected or confidential data are consulted, copied, transmitted, stolen or used by unauthorised subjects. Incidences are increasing in most countries, and the size and cost of successful breaches is increasing. In most cases, data breaches occur for 2 main reasons:
1. Data breaches due to employee negligence (e.g. sending data to the wrong person)
2. Data breaches organised by hackers, leveraging vulnerabilities or through hacking activities.
Attackers often target individuals responsible for sending payments and requesting money transfers, tax records and/or other sensitive data (e.g. passwords).
Other attacks focus on the content of the recipient’s inbox, harvesting client and employee information, including personal data. They may also target confidential corporate information motivated by monetary gain. Very often human error and behaviour is a significant driver for data breaches, for example, it is still very common for employees to use weak passwords or the same passwords across multiple applications.