December 24, 2024 Demystifying Blockchain in Simple English

Human error is by far the real perpetrator of most data leaks!

Data privacy has never been such a hot topic. Media outlets around the world are extensively covering cyber attacks and security threats that leave big companies counting the costs of data leaks. However, it appears that only a tiny part of data leaks is attributable to external threats. The leading Dutch data leak reporting system reveals that, in reality, unintentional human error before and after sharing sensitive information is the most significant concern with regard to sensitive data breaches.

A recent report by DLA-Piper shows an enormous variation in the number of data leaks reported in European countries since the inception of the General Data Protection Regulation (GDPR). Interestingly, the report showed that the Dutch reported the most data leaks by far, with about five times more per inhabitant than, for example, Germany or the UK, and 25 times more than Belgium.

In the Netherlands, 20.881 data leaks were reported to the Dutch Data Protection Authority in 2018. An astonishing 63% of reported compromised private information was due to data being sent to the wrong recipient. These incidents come down to a variety of occurrences, such as emails being sent to the wrong individuals, or specific information being disclosed by mistake in response to a request. Other reasons included losing a letter or receiving it back opened (9%), loss or theft of a storage device such as a USB stick (7%), and hacking, malware, and phishing (together 4%).

The numbers acquired by the Dutch report raise some questions such as:

  • Why is the number of data leaks reported in the Netherlands so much higher than in other European countries?
  • Why is human error in data protection not a central topic of conversation at a time when privacy is at center stage?
  • What are the solutions to preventing human error, and why are they not widely implemented?

To answer these questions, it is necessary to take a more in-depth look into Dutch culture, the media, and how organizations around the world deal with data protection.

The Dutch reporting culture as a world benchmark for digital data protection.

On January 1st, 2016, the Netherlands upgraded the Dutch Data Protection Act with mandatory reporting of data leaks, with the risk of a fine for those who fail to comply with this requirement. It was then one of the first fully comprehensive sets of rules regarding data leak prevention and reporting in the world. The highly organized Dutch public authorities were in the process of digitizing their data and operations. Such a protection act was seen as necessary to protect Dutch citizens from possible mishandling of private data, as well as to promote trust in the country’s digitization efforts. It was used as one of the references, notably together with the deeply rooted German data protection laws, for the creation of the GDPR, which was enforced in the entire EU on May 25th, 2018. Among the many concepts used as a reference, the timely reporting of incidents was made into one of the GDPR’s centerpieces.

Coming from the Dutch, this fact isn’t surprising: data reports regarding events that happen in the Netherlands can be found for just about anything. Organization and record-keeping are part of the Dutch DNA; something as simple as taking a look at a regular Dutch person’s agenda would prove this point. The Dutch also have one of the best infrastructures of fast and stable internet connections available, and the highest use of electronic file sharing in the world, such as patient records in hospitals and GPs.

The alarming number of 20.881 events of data leakage in the Netherlands in 2018 does not translate into a higher number of attacks compared to other countries. Instead, it reflects the number of reported events. When comparing similar statistics measurements from other European countries since the implementation of the GDPR directive, it becomes evident that the Netherlands is far ahead in regards to data leakage reporting, as shown in the chart below.

Why may data leaks due to human error come as a surprise?

2018 has been a historical year concerning the amount of reported high profile data leaks. Ironically, it was also the year when the GDPR was put in place, as previously mentioned. Companies that operate in the European Union are now held accountable for data protection and must disclose data breaches promptly or face massive fines. Data privacy was one of the most discussed topics in 2018. Throughout the year, we were bombarded with news headlines such as:

  • CAMBRIDGE ANALYTICA’S FACEBOOK DATA WAS ACCESSED IN RUSSIA.
  • FITNESS APP POLAR EXPOSES THE PERSONAL INFORMATION OF U.S. MILITARY.
  • EXACTIS EXPOSES NEARLY EVERYTHING ABOUT 230 MILLION AMERICANS.
  • AADHAAR LOGIN BREACH REVEALS DATA ABOUT EVERYONE IN INDIA.
  • MARRIOTT HACK AFFECTS HALF A BILLION PEOPLE WHO STAYED AT ITS HOTELS.
  • GOOGLE PLUS EXPOSED THE DATA OF 52.5 MILLION PEOPLE.

There are a plethora of news articles regarding these incidents, and their consequences were widely reported in detail. The media focuses on covering high profile data breaches involving large data sets. Individual occurrences are less attractive, which leaves audiences oblivious in regards to the costs of research & repair, and the potential image damage related to isolated episodes. It results in public opinion assuming that the sole responsibility for these attacks is related to hackers, lack of proper cybersecurity, or cyber warfare.

The sensationalism of pointing the finger at the bad guys certainly makes a more exciting story for news consumers, since humans are fascinated by criminality. Unfortunately, the high likelihood that these incidents could have been caused by human error was underreported or not reported at all, leaving the general public unaware that, when it comes to data protection, danger is much closer than most people think. The threat is most likely an innocent and well-intended human who commits an unintentional error. Such a realization should prompt businesses and major institutions to take a more proactive approach to sensitive data protection. The lack of awareness regarding the correlation between data leaks and human error answers the question of why preventive solutions are not widely implemented.

Putting the correlation between human error and data leaks into perspective.

The vast majority of organizations nowadays are still highly inefficient at keeping sensitive data safe. The healthcare industry is a great example. The British publication The Register, which covers IT and technology news, reported that healthcare tops UK data breach charts. Nearly half of all data breaches reported (43%) happened within the sector, and human error was the primary cause. In the Netherlands, too, the healthcare sector reported the highest number of data leaks.

The political sector is another excellent example. Considering the sensitive nature of data regarding politics, and the threat that data leaks pose to national security and the personal welfare of politicians, it is natural to assume that such data would be handled with the absolute highest level of protection available. Nevertheless, in late 2018 German politicians were hit by a massive data breach, ITNews reports. The personal data and documents of hundreds of German politicians and public figures, including Chancellor Angela Merkel, were published online in what appears to be one of Germany’s most far-reaching data breaches ever recorded. The Interior Minister Horst Seehofer said in a statement that the incident was caused by “wrongful use of log-in information for cloud services, email accounts or social networks.”

In the finance industry data leakage due to human error can have disastrous consequences. On March 31st, 2017, a security researcher noticed a cache of unencrypted consumer information from Scottrade Bank, the banking arm of Scottrade Financial Services, on publicly accessible servers. The database contained names, addresses, and social security numbers of Scottrade contacts, as well as usernames and passwords for various employee accounts. A few days later, it became clear that the data was uploaded in error by a third-party vendor, a professional services firm called Genpact. The breach exposed the information of around 20,000 Scottrade customers. This was one of many data breach incidents associated with the bank in the last decade; for that reason, the American Financial Industry Regulatory Authority fined Scottrade US$2.6 million.

The legal sector has seen an exponential rise regarding data security incidents, as reported to the UK’s Information Commissioner’s Office. It is estimated that in the past two years, the number of data leaks has risen to 128%. Human error accounted for the vast majority of events, led by data being emailed to the wrong recipient.

While the blame game that puts all of the responsibility onto hackers worked for a moment, the general public and legislation authorities are now holding organizations accountable for data breaches, especially now with GDPR in action. The new European regulation could fine companies up to 4% of their global revenue for non-compliance.

Emailing and file sharing pose the highest threat to data leaks.

Public and private organizations and institutions should, more than ever, take data security very seriously to avoid preventable costs and legal repercussions related to data leaks. All-around cybersecurity is of the utmost importance for both external and internal threats. However, since sensitive data is most vulnerable internally, organizations should take extra precautions by implementing solutions that prevent data leakage from within. Particular attention should be given to digital communication in all forms, as most of the data leaks reported stem from employees communicating via email, paper or portal. Email in particular is, more than ever, the primary form of interaction in many businesses. On average, employees spend about two hours per day working with emails. It’s thus not surprising that email data breaches have been the primary cause of sensitive data leakage, as reported by the UK’s independent authority ICO (Information Commissioner’s Office). According to the chart below, 93.8% of data breaches were caused by non-malicious human interference happening inside organizations. Considering the ICO report, it’s easy to deduce that the majority were related to emails sent to wrong addresses, similar to the 63% in the Netherlands.

Email protection platforms are a simple solution for the costly data breach problem.

Emails winding up in the wrong hands can have devastating effects on a business. Such an error can have significant ramifications, ranging from client information being compromised to direct financial loss or significant reputational damage. With this in mind, businesses must have an enterprise communication security platform implemented to stop their primary risk of data leakage: misaddressed email messages or unintended disclosure of information.

An enterprise communication security platform could prevent data leakage via email or other forms of digital communication before it happens, rather than merely report an error after it has already occurred. Cybersecurity solutions that can automatically classify sensitive data, evaluate employee behavior, and intervene to prevent a breach would be the best alternative. For companies that work on a big scale with large numbers of employees, it’s also essential to implement firm-wide staff training on email security.

As human error concerning information leaks consistently costs economies millions each year, this reality is turning into a strategic imperative for the implementation of safety platforms and software that can keep it to a minimum. ZIVVER is a perfect example of an all-around Dutch data protection platform that focuses on GDPR-compliant data sharing. It does so not only by including email encryption, but especially by helping users select the correct content (‘your attachment A contains social security numbers, is that correct?’), the correct recipient (‘you never shared medical information with John Doe before; are you sure?’) and the right security measures (‘you are about to share sensitive financial information; do you want to add security to your email?’). This helps organizations address 90+% of the causes of data leaks and significantly reduce the negative impacts of human error in digital communication and file sharing, as well as prevent possible prosecutions related to GDPR non-compliance.
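The content and recipient prompts described above can be sketched as a pre-send check. This is an added example, not ZIVVER's code or anything from the original article; it assumes the identifier to detect is the Dutch citizen service number (BSN), validated with its 11-test, and all function names, addresses and attachment text are constructed for illustration.

```python
import re

# Weights of the BSN "elfproef" (11-test); the last digit counts as -1.
BSN_WEIGHTS = (9, 8, 7, 6, 5, 4, 3, 2, -1)
NINE_DIGITS = re.compile(r"(?<!\d)\d{9}(?!\d)")


def is_valid_bsn(digits: str) -> bool:
    """True if a 9-digit string passes the 11-test (cuts regex false positives)."""
    if len(digits) != 9 or not digits.isdigit() or digits == "000000000":
        return False
    return sum(w * int(d) for w, d in zip(BSN_WEIGHTS, digits)) % 11 == 0


def find_bsns(text: str) -> list:
    """Return every standalone 9-digit run in text that is a plausible BSN."""
    return [m for m in NINE_DIGITS.findall(text) if is_valid_bsn(m)]


def pre_send_warnings(recipients, attachments, sensitive_history):
    """Build the prompts to show the sender before the message leaves.

    recipients: list of addresses; attachments: {filename: extracted text};
    sensitive_history: lower-cased addresses that received such data before.
    """
    warnings = []
    flagged = {name: find_bsns(text) for name, text in attachments.items()}
    flagged = {name: hits for name, hits in flagged.items() if hits}
    for name, hits in flagged.items():
        warnings.append(
            f"{name} contains {len(hits)} citizen service number(s); is that correct?")
    if flagged:  # only question recipients when the content is sensitive
        for rcpt in recipients:
            if rcpt.lower() not in sensitive_history:
                warnings.append(
                    f"You never shared this kind of data with {rcpt} before; are you sure?")
    return warnings


# Constructed sample input: one attachment with a test BSN and an invoice number.
SAMPLE_ATTACHMENTS = {"intake.txt": "Patient BSN 111222333, invoice no. 123456789"}
SAMPLE_RECIPIENTS = ["j.doe@example.org", "clinic@example.nl"]
SAMPLE_HISTORY = {"clinic@example.nl"}

if __name__ == "__main__":
    for line in pre_send_warnings(SAMPLE_RECIPIENTS, SAMPLE_ATTACHMENTS, SAMPLE_HISTORY):
        print(line)
```

The checksum step matters in practice: a bare nine-digit pattern would also flag invoice and order numbers, and prompts that fire on every message get clicked through.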

Conclusion

While mistakes help us learn, with regard to data leaks it is essential to learn from the best ones and eliminate the rest. That is when the Dutch come to the rescue, delivering comprehensive reports that can be used as a worldwide reference for digital communication security. If the Netherlands, with its reporting culture, record keeping, innovative mentality, and incredible infrastructure and technology, can protect an entire country from the cold waters of the North Sea, one can only imagine its capabilities with regard to data protection. In this field, the Dutch are way ahead in the game. It is a game that shows that you need to help and educate your employees in dealing with sensitive data if you want to win it and keep your company safe.
