
  • Miscellaneous Errors


  • Summary

    Errors are unintentional actions, typically taken by an Internal actor, but Partner actor errors also occur. Misconfiguration of database assets being found by Security is a growing problem. Employees sending data to the wrong recipients also continues to be a significant issue.


    Frequency

    919 incidents, 896 with confirmed data disclosure


    Threat Actors

    Internal (99%), Partner (1%), Multiple (1%) (breaches)


    Data compromised

    Personal (79%), Medical (17%), Other (13%), Bank (13%), Credentials (13%) (breaches)



    The Miscellaneous Errors pattern should be a familiar frenemy from years gone past. We have included this pattern since the beginning, and the errors have remained constant. What can we really say about this pattern? Humans make mistakes, often at scale. This pattern consists of Internal and/or Partner actors only.

    We show the breakdown for Internal actors in Figure 61, and they are relatively intuitive since both system administrators and developers typically have privileged access to data on the systems they maintain. However, the adage of ‘to whom much is given, much is expected’ assuredly applies here. When people in these roles do make mistakes, the scope is often of much greater significance than the foibles of an average end-user.

    Allow us to take you on a tour of pairings—no, not wine and cheese, but Actors and Actions. Given the pairing of sys admins and developers with the Misconfiguration action varieties (Figure 62), you can imagine that this combination can wreak havoc on the confidentiality of an organization’s data, or that of their customers’ or employees’.

    The other pairing we frequently observe is data stores (such as relational or document databases or cloud-based file storage) being placed onto the internet with no controls, combined with the security researchers who search for them (Figure 63). These rather undesirable combinations have been on the rise for the past few years.

  • Sadly, Misdelivery remains alive and well in our dataset, and while a number of these breaches are electronic data only (e.g., email to the wrong distribution list), there remains a significant number that involve paper documents (Figure 64). These are particularly common in industries in which large mass mailings are a preferred method of getting information to the customer base. One example is when the envelopes become out of sync with their contents. Many of these events could be avoided by a basic sample check at different points during the mailing process. Nevertheless, we continue to see this occurring regularly, but rarely with any of our bills (those always seem to arrive on time).

  • Figure 61
  • Figure 62
  • Figure 63
  • Figure 64
  • The Assets involved in Error actions run the gamut, from the aforementioned misconfigured databases to physical documents and user devices (Figure 64). A certain portion of this is from Asset loss, although if the device is configured such that unauthorized data access cannot be confirmed, it would be considered as an incident rather than a breach.

  • Personal data is the most commonly disclosed data type in these cases by a wide margin (Figure 65). Medical data is also exposed in this manner, but not nearly as often. The other data varieties represented appear in much smaller quantities.

    Just take a gander at that lovely Discovery timeline in Figure 66. See how it flexes all of those breaches discovered within hours and days of the event? Surely this is the story of successful detective controls! Actually, it may be because people usually realize they goofed fairly quickly. But just in case they don’t, they have the added safety net of legions of devoted security researchers out there scouring the internet with their specialized search engines just looking for mistakes.

  • Figure 65
  • Figure 66
