Story image

The 5 most common reasons for corporate data loss

27 Jun 16

Article by Josep Albors, WeLiveSecurity analyst

There is no doubt that one of the main assets of a company is the data it stores. Information about customers, employees and finances, among other types of records, should be adequately protected and available whenever they are needed. For this reason, companies that appreciate the value of their data invest adequate resources both into protecting them and to recovering them in the event of a serious incident.

But how serious does an incident need to be for vitally important data to be lost? A recent study by Kroll Ontrack revealed very interesting data gathered using the company’s data recovery tool.

Let’s look at the main reasons for corporate data loss or leakage. Below is the complete list, together with the proportion of cases for each reason:

  • Undetected drives 25%
  • Not powering on 11%
  • Device dropped from height 10%
  • Deleted files 9%
  • Corruption 7%

Hardware failures

According to the study, the main problem – accounting for 25% of the total number of cases – is failure to detect the storage drive. That is logical, especially if we are talking about hard drives and flash drives, which are used in mass storage devices in all kinds of corporate environments despite being much more prone to failure than other more reliable types of devices, like magnetic tape.

Furthermore, the increased use of solid-state drives (SSD) with flash memory in recent years will undoubtedly have pushed this percentage up. These types of drive offer faster access to data than conventional mechanical hard drives, but also are more prone to failure if used to write data continually, which is why they are not recommended for use in servers or in computers where reliability is critical.

Another of the big problems behind corporate data loss is the device not powering on, which can be caused by a failure in the power supply or in other components. Curiously, in third place, we find one of the reasons that can cause hardware to fail, and that is the device being dropped on the floor from height.

We should bear in mind that normally such hardware failures don’t necessarily have to result inirreparable loss of data, as it can usually be recovered by using forensic analysis tools or even, in cases where the device has been damaged but the disk itself still works, by placing the disk in a new device.

Software failures

In fourth and fifth place in the table, we can find two reasons that tend to be caused by software failures occurring at the same time as the data is being used, or malware that directly affects the stored data. So here we are talking about files being deleted (accidentally or deliberately) or becoming corrupted.

Both of these reasons can be caused by the user making a bad decision or by a system failure, but in recent months we have seen how ransomware has become a major threat to corporate environments and its malicious actions can include the two causes of data loss mentioned above.

Data corruption is self-evident, given that ransomware encrypts the files, making them inaccessible unless they are decrypted. In order for that to happen, cybercriminals will demand a ransom, which may be large or small. It goes without saying that we do not advise paying such ransoms, because by doing so we would be giving these criminals more of an incentive to keep creating new versions of similar threats.

As for data deletion, we have recently seen cases of ransomware like Jigsaw, which deletes a certain number of files every so often if we do not yield to its demands, and deletes even more files if we try to restart the system.

The importance of prevention

Faced with such incidents, which can put companies in a serious predicament if they do not respond in the right way, the best solution is prevention and having sufficient measures in place to recover the affected data as quickly as possible, so that the company can keep its operations running normally.

Here we are talking about things like security measures provided by an antivirus solution if we want to prevent the kinds of damage that malware can cause. For hardware failures though, the best thing is to have a backup system that can quickly restore not only the data, but also the system on which it is stored, thus minimizing the response time and enabling the company to keep operating normally.

We have to bear in mind that the results of this type of incident can be irreparable, so it is best to be prepared so you can respond adequately if and when it does happen.

Article by Josep Albors, WeLiveSecurity analyst.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.