Top 5 Cyber Attacks and Security Breaches Due to Human Error

Despite the rapid rise in cyber security growth rate over the last few years, organizations worldwide are still haunted by the increasing number of cyber attacks. The major reason for this is that while organizations are spending a lot of money and resources on strengthening their technological defenses, they often overlook the human aspect of security. After all, the technical security solutions, no matter how sophisticated, can only help if humans utilize them properly.

Human error is one of the major contributing factors to the majority of cyber security breaches. In several cases, human error has allowed hackers to access an organization’s sensitive data and encrypted channels. In fact, according to the IBM Cyber Security Intelligence Index Report, 95% of cyber security breaches are primarily caused by human error. Also, the Cost of a Data Breach Report 2020 by IBM states that the average cost of cyber security breaches caused by human error stands at $3.33 million.

Major Security Breaches and Cyber Attacks Due to Human Error

There have been numerous high-profile cyber attacks and security breaches caused by human error, bringing several renowned organizations to their knees. So, here are the top 5 examples of how a reckless mistake costs a successful company so dearly.

#1 Strathmore Secondary College

In August 2018, an employee at Strathmore Secondary College accidentally published student records relating to more than 300 students on the school’s intranet, which is accessible by all the students and parents. The published records revealed highly sensitive information about students with conditions like ADHD, acquired brain injuries, Asperger’s, and Autism. These records also included information on whether students were on medication, were receiving government support, or had any treatment plans. In this case, a grave human error exposed immensely sensitive information about hundreds of students.

#2 Pennsylvania Department of Education

In February 2018, an employee in the Pennsylvania Education Department’s Office of Administration made an error that compromised the state’s Teacher Information Management System (TIMS). The TIMS database holds personal information related to teachers applying for and holding teaching certifications in Pennsylvania. The compromised database temporarily enabled anyone who logged into it to access the personal information of other users including teachers and the staff of school districts and the Department of Education. This security breach caused by human error affected around 360,000 current and retired teachers.

#3 Toyota Boshoku Corporation

A European subsidiary of the Toyota Group, Toyota Boshoku Corporation, suffered a massive BEC attack in August 2019 that cost the company $37.3 million. On 14th August 2019, the auto parts supplier was tricked into making a large fund transfer into the hackers’ bank account. The threat actors posed as one of the subsidiary’s business partners and sent carefully crafted emails to members of the accounting and finance departments. These emails requested that the funds be sent into a specific bank account, which was controlled by the hackers. Soon after the transfer was made, the company’s security experts realized that they had been duped. However, by then, it was too late to stop the transfer.

#4 Sequoia Capital 

Known for being one of Silicon Valley’s oldest and most notable venture capital firms, Sequoia Capital was hacked in February 2021. Counted amongst the major recent cyber attacks due to human error, this hack exposed some of the personal and financial information of its investors to a third party. The cyber attack succeeded when one of Sequoia’s employees fell victim to a phishing attack. Focused on energy, enterprise, financial, healthcare, mobile, and internet startups, this VC firm has more than 1100 corporate clients in addition to over 200 international clients.

#5 Leoni AG

In 2016, a leading wire and cable manufacturer, Leoni AG, was scammed out of $44 million by a devastating BEC attack. Cybercriminals impersonated the company’s senior German executive to send emails to an employee working in the finance department of the company’s factory in Bistrita, Romania. The email was carefully crafted using inside information to look perfectly genuine and requested a transfer of $44 million from the company’s bank account. It tricked the employee into making the payment and the stolen money was switched to a different bank account in the Czech Republic.

Mitigating Human Error to Prevent Cyber Attacks

As the above-mentioned instances clearly indicate, even a single reckless human error can have devastating consequences for your organization. No matter how many expensive and sophisticated technological security solutions you invest in, your business will only be safe when the human aspect of your organization is defensible as well. The only way to make your defenses ironclad is to make sure your employees are prepared for the worst.

Making your employees cyber resilient is just what you need to ensure the safety of your organization amidst the rising terror of cybercrimes. For this, you need an effective cyber security awareness training program that can educate your employees about the advantages of following the cyber security best practices. Training your employees in the basics of cyber security will make them more vigilant and prepared to successfully take on cyber attack attempts.

How Can ThreatCop Help?

One thing that you need to keep in mind while selecting the suitable cyber security awareness training program for your employees is that it should be just as engaging and interesting as it is informative. It is essential that your employees not just attend these training sessions but also retain the knowledge they impart and apply it in everyday life. This is where Threatcop comes in.

Threatcop’s Security Awareness Training is a cyber attack simulator and security awareness training tool that equips your employees with the knowledge they need to detect and prevent cyber attacks. It allows you to launch dummy cyber attack campaigns on your employees to provide them with real-life experience in dealing with cyber attack attempts. This can also help you test your employees’ response to cyber threats and assess the real-time threat posture of your organization.

In addition to realistic cyber attack simulation, Threatcop’s LMS also offers an extensive library of engaging and informative cyber security awareness content like advisories, newsletters, posters, and videos. Moreover, the tool lets you compare the vulnerability levels of your employees before and after the simulation campaigns with the help of interactive quizzes and assessments. So, implement TSAT to create a cyber hygienic work culture by making sure your employees are as cyber resilient as possible.