Processes & Culture Top Reasons Behind Data Breaches

darkreading

Overview

An analysis of recent data breaches has revealed that despite existing state laws aimed at improving cybersecurity practices, many organizations are still struggling with fundamental issues. Researchers found that inadequate processes and a lack of a strong security culture are significant contributors to these incidents. Many companies are failing to adopt best practices, leading to vulnerabilities that can be exploited by attackers. This situation poses risks not only to the businesses involved but also to their customers, as sensitive data remains at risk. The findings emphasize the need for organizations to prioritize cybersecurity training and implement more effective security protocols to protect against breaches.

Key Takeaways

  • Action Required: Organizations should improve cybersecurity training, adopt best practices, and strengthen security protocols.
  • Timeline: Ongoing since recent analysis

Original Article Summary

Despite state laws meant to improve cyber hygiene, an analysis of incidents shows issues persist and visibility falls short.

Impact

Not specified

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Ongoing since recent analysis

Remediation

Organizations should improve cybersecurity training, adopt best practices, and strengthen security protocols.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Data Breach.

Related Coverage

What public money does to open-source projects

Help Net Security

Open-source software plays a crucial role in the infrastructure of many companies, with about 96 percent of codebases incorporating it. This reliance became evident with high-profile vulnerabilities like the log4j flaw in December 2021, which affected a wide range of applications, from social media platforms to gaming software. More recently, the xz utils backdoor discovered in 2024 has further emphasized the security risks associated with open-source projects. These incidents raise concerns about the stability and security of software that many organizations depend on but do not financially support. As open-source projects often rely on volunteer contributions, the need for dedicated funding and resources to maintain and secure these projects is becoming increasingly critical.

Jul 16, 2026

Ransom demands are down, email is the top way attackers get in

Help Net Security

A recent survey of 2,158 IT and security leaders reveals that email, particularly through phishing attacks, is the primary method for cyber attackers to gain access to networks. In many cases, employees unknowingly open malicious emails and provide their login credentials, allowing attackers to infiltrate deeper into the system. This chain of events often leads to ransomware incidents, where files become inaccessible. Notably, while ransom demands have decreased, the reliance on email as an attack vector remains significant, accounting for half of all reported incidents. This trend emphasizes the need for organizations to bolster their email security and educate employees about the risks of phishing.

Jul 16, 2026

Companies keep getting breached by vulnerabilities they already knew about

Help Net Security

A recent survey by Vicarius reveals a troubling trend in cybersecurity: many companies are getting breached by vulnerabilities they were already aware of. Despite advanced scanning tools that help identify weaknesses across systems, organizations struggle with the subsequent steps of fixing these vulnerabilities. The survey included responses from 300 IT and cybersecurity leaders in the U.S. and the U.K., highlighting a significant gap in the process of assigning, approving, deploying, and confirming fixes. This issue raises concerns about the effectiveness of current cybersecurity strategies and the potential risks to sensitive data. Organizations need to address these gaps to better protect themselves from breaches that could have been prevented.

Jul 16, 2026

GPT-Red beat human red teamers on a prompt injection test

Help Net Security

OpenAI's GPT-Red, an automated red-teaming model, has outperformed human red teamers in testing for prompt injection vulnerabilities. The model operates similarly to a human attacker, sending prompts to a GPT model and analyzing the responses to identify weaknesses. Through a process called self-play reinforcement learning, GPT-Red learns alongside various defensive models to improve its effectiveness in finding and exploiting vulnerabilities. This development raises concerns about the capabilities of AI in cybersecurity, as it can potentially identify and exploit weaknesses faster than human teams can respond. As AI continues to advance, organizations may need to enhance their defenses against such automated threats.

Jul 16, 2026

Finance phishing works because it sounds boringly normal

Help Net Security

Phishing attacks targeting finance departments are becoming increasingly sophisticated and effective. According to research from Cofense, attackers are crafting phishing emails that mimic legitimate business communications, making them harder to detect. These emails often bypass advanced email security tools, such as AI-based secure email gateways, because they lack the typical urgency cues that would raise alarms. This tactic poses a significant risk to organizations in the financial sector, as employees might unknowingly engage with these deceptive messages, potentially leading to data breaches or financial loss. Companies need to enhance employee training and awareness to combat these subtle phishing efforts.

Jul 16, 2026

Dutch police bust investment fraud ring stealing over €100 million

BleepingComputer

Dutch police have arrested several individuals connected to an international investment fraud scheme that has reportedly defrauded over €100 million from tens of thousands of victims. The suspects are believed to have lured investors with promises of high returns, often targeting individuals through online platforms. This crackdown is part of a larger effort to combat financial fraud, which has been on the rise, particularly with the increase in online investment opportunities. The police are now investigating the full extent of the operation and are urging anyone who thinks they might have been a victim to come forward. The implications of this fraud ring are significant, as it not only affects individual investors but also undermines trust in legitimate investment practices.

Jul 15, 2026