How User Error Can Lead to Data Breaches

How User Error Can Lead to Data Breaches

When we imagine data breaches, we tend to see the hackers involved as being particularly skilled. They must have put in a lot of work to find a company’s security vulnerability.  And because hackers are really good at what they do, demand for cybersecurity is high…right?

Unfortunately, that isn’t what reality is like. Data breaches don’t happen due to the existence of skilled hackers. They happen when security systems are flawed in how they’ve been configured by users and admins.

Why We Fail To Configure Technologies Properly 

Technology (including IT) is complicated. Most people cannot give an in-depth explanation of how the technology they use on a daily basis operates.

In fact, when you get to the essence of things, data breaches happen because technology is complicated. Complicated things are hard to configure (and you cannot avoid the need to configure technology). When your configurations have a serious flaw, it doesn’t take a particularly skilled hacker to discover them.

Criminal Hackers Have the Knowledge Advantage

A criminal hacker only needs to find one vulnerability to breach a system. The cybersecurity professionals that configure security systems might possibly know more about security than most criminal hackers. However, the criminal hacker only needs to be one step ahead just once to pull off a breach. They have the advantage.

How User Error Lead to the Capital One Data Breach

How exactly can just one misconfiguration lead to an entire data breach?

To see how, we look at the Capital One breach that happened in March 2019, in a cloud environment. 

The cause of this breach was a simple misconfiguration of a web application firewall (WAF), which is normally in place to prevent unapproved access to cloud resources.

Rather than preventing access, the misconfiguration in the WAF allowed the hacker to obtain temporary full access credentials to Capital One’s AWS (cloud) resources.

With said access, the hacker didn’t need to do anything out of the ordinary to execute the breach. They used normal AWS admin commands that were commonly and frequently used to then download user credentials to their system. 

Because the hacker’s behaviour wasn’t visibly noticeable, it wasn’t until Capital One was tipped onto this breach by a third-party in July that it was discovered. 

Fortunately, according to Capital One, “no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised.”