In the first seven months of 2021 alone, 815 data breaches and cyber attacks were recorded in the UK, accounting for 3,980,757,735 breached records. It is natural to assume that the majority of these were from remote cyber attacks, but don’t underestimate the contribution of physical attacks to security breaches.
In this article we explore some of the physical threats that businesses and organisations must mitigate to improve data breach security.
But first, let’s look at some of the data breaches reported in the UK this year to get some perspective on the very real cyber attack and data breach threats businesses and organisations are facing:
- New Skills Academy, a major online learning provider based in Hertford, United Kingdom has suffered a data breach in which account information of its customers has been exposed to unauthorized sources potentially putting the personal records of 800,000 students at risk. Source: Hack Read
- Gun Trader, major concerns have been raised about gun security after a recent data breach caused 100,000 names and addresses of UK customers of a leading website for buying and selling shotguns and rifles to be shared on the dark web. Source: Farsight Security Services
- Oxford City Council, a ‘computer error’ caused a potential data breach over rent statements being sent to the wrong addresses, revealing payments, data and addresses. Although the council's landlord services control 7,800 council homes, it is believed that a small proportion were affected. Source: Oxford Mail. This is not an isolated incident, however: UK councils reported over 700 data breaches to the ICO during 2020, according to Computer Weekly.
- Redbourne Upper School and Community College in Bedfordshire, pupils’ coursework has been destroyed in a cyber attack. Although no data was taken, the school’s servers were left unreadable, resulting in “the loss of a significant amount of data”. Source: BBC
- The Nova Education Trust – 15 secondary schools across Nottinghamshire have had to shut down their IT networks after a central trust that manages their systems was hit by a cyber attack. Source: ITPro
- Birmingham City Council – details of ‘vulnerable kids’ were uploaded to Birmingham City Council website in a ‘serious’ data breach. Data, said to relate to youngsters entitled to free bus passes, was uploaded “in error” by staff. Source: Birmingham Live.
…and the list goes on.
What are the most common threats to Data Breach Security?
According to Sutcliffe & Co. Insurance Brokers, the most common causes of Data Breach include:
- Weak and Stolen Credentials (Passwords)
- Back Doors, Application Vulnerabilities
- Malware & Ransomware
- Social Engineering (Impersonation)
- Too Many Permissions
- Physical Attacks
- Insider Threats
- User Error
The first five most common threats to data breach security can clearly be linked with external cyber attacks. However, insider threats, physical attacks and user error are generally internal security threats that can be minimised by implementing physical security measures. These can be damaging, and make no mistake – physical security to protect data is more important than ever.
Let’s look at the most common physical threats that can leave businesses vulnerable to Data Breaches:
A physical attack can result in a data breach. In fact, 10% of malicious breaches are caused by a physical security compromise according to a recent study. Physical attacks occur when someone physically gains access to a site where data is stored with the intention of theft, damage or disruption. If on-site physical security is poor, it could be easier to just walk right in and take the data than to hack in remotely.
What are the top 4 physical security threats that can leave businesses vulnerable to Data Breaches?
- Unaccounted visitors – If you can’t account for who has had access to your site and when – your data could be at risk. Access control is essential in only allowing authorised persons on-site and in areas where data is stored. Perimeter security like monitored CCTV surveillance will also keep unauthorised visitors out.
- Theft of documents and data storage devices – sensitive data left accessible or unattended on-site can be vulnerable to theft by visitors.
- Social engineering – impersonation doesn’t just happen in cyber space, it can also help unauthorised persons gain access to your site and data. Make sure visitors are who they say they are – think stolen access cards, fake visitors, tradesmen or contractors a.k.a ‘actors’ could have your data in their sights.
- Tailgating – a common tactic to gain entry is to follow authorised visitors as they enter, sneaking in as if they are meant to be there.
Insider threats are becoming more frequent and more costly. 60% of Data Breaches are reportedly caused primarily by Insider Threats. According to a Cost of Insider Threats Study by Ponemon Institute – the global average cost of an insider threat is 197% more than that of an external data breach.
An insider is typically defined as an individual with legitimate access to company assets who causes harm to the business, whether intentionally or unintentionally. Threats could come from current employees, former employees, contractors, or partners who have access (or previously had access) to an organization’s systems or data.
Insider threats generally encompass everything from an accidental click on a malicious link to a premeditated outright data theft. Security Intelligence defines 4 types of Insider Threats, below.
What are the 4 types of Insider Threats?
Pawns are employees who are manipulated into performing malicious activities, often unintentionally, through spear phishing or social engineering.
Goofs do not act with malicious intent but take deliberate and potentially harmful actions, for example storing unencrypted data in cloud storage for easy access from their devices, despite knowing that to be against their organisation’s security policy. Ninety-five percent of organizations have employees who are actively trying to bypass security controls and almost 90 percent of insider incidents are caused by goofs.
A high-profile example of this type of insider threat came with a record number of security breaches, revealed by Sky News in 2020, originating from the British military’s private sector partners. Secret information belonging to the Ministry of Defence was exposed to hostile states when it was transferred from secure networks to personal email accounts.
Collaborators are users who cooperate with a third party, typically using their access to steal intellectual property and customer information or to cause disruption to normal business operations. This is known as corporate espionage and is more common than you would think.
Lone wolves are entirely independent, malicious insiders who act without external influence or manipulation. Often their actions are driven by revenge or plain old financial gain, and they can be particularly dangerous because they hold elevated levels of privilege, such as administrator rights.
Data breaches aren’t always caused with malicious intention. In fact, 22% of incidents are the result of a mistake made by an employee according to ITGovernance.
The most common errors involved sensitive information being sent to the wrong person. This might involve sending an email to the wrong person, attaching the wrong document or handing a physical file to someone who shouldn’t have access to the information.
The next most common cause of human error was misconfiguration, which typically involves leaving a database containing sensitive information online without any password restrictions.
Who is at risk from Data Breaches?
When thinking of data breaches, most will think this relates to the big data centres. The UK boasts the largest data centre market in Europe and we estimate there to be as many as 250 data centres (and co-location centres) around the UK.
However, strictly speaking a data centre can be described as a building or dedicated space within a building that is used to house computer systems and associated components, such as telecommunications and storage systems.
Based on that definition, we can add the c.40,000 small businesses with server rooms within their buildings to that number, plus another c.40,000 for non-business IT organisations, which include public sector server rooms like local authorities, emergency services and educational establishments (source). That amounts to 80,000+ ‘data centres’ of varying sizes across the UK holding and needing to protect valuable data.
However, any business can be vulnerable to data breaches from physical as well as cyber attacks. For this reason, businesses and organisations cannot ignore the need for a joint approach to cyber and physical security to protect themselves from data breaches. Indeed, there are 65,000 attempts to steal data from small to medium businesses in the UK every single day.
Whether a hyper-scale data centre or a small business owner operated data centre, physical security has never been so important to keep your site, assets, data and people safe. To help make sure your security is fully optimised to protect your business from physical data breach attempts, Farsight has published the following article outlining a multi-layered security approach:
Let’s Talk about protecting your business
If you would like to discuss protecting a data centre or want to find out more about how Farsight’s range of remote security monitoring services could bolster the protection layers of your data centre security – whether a big hyper-data centre or small business data server room, let’s talk. Either call the Farsight team on 0845 371 0101 or drop us a line in the form below…