What CISOs Can Learn From Big Breaches: Focus on the Root Causes

Address these six technical root causes of breaches in order to keep your company safer.

There have been dozens of mega-breaches in the past decade and more than 9,000 reported breaches. Many more go unreported; the credential dumps circulating on the Dark Web frequently come from breaches the affected organization is not even aware of. What's going wrong? Why haven't we been able to stop these breaches?


In past years, we've seen a plethora of security compliance standards emerge (PCI DSS, ISO 2700x, NIST SP 800-53, HIPAA, and others), each requiring hundreds of checkboxes to be addressed. Yet most breached organizations were compliant at the time the breach occurred. Compliance helps organizations become more secure, but it is not sufficient to prevent most breaches.


The primary reason these incidents happen so often is that, as an industry, we haven't been focusing on the root causes of breaches. From my analysis of the mega-breaches and thousands of other reported breaches, there are six "technical" root causes that must be addressed:


Phishing/Account Takeover: Phishing was used in many mega-breaches, including those at Yahoo (disclosed in 2016) and Anthem (disclosed in 2015). Even as recently as last year, Verizon reported in its "Data Breach Investigations Report" that phishing was still responsible for 25% of breaches.


Malware: Malware was a key tool used by the attackers in the Marriott breach,