8. Too Many Permissions
Attackers use weak and stolen passwords to masquerade as privileged users. The Verizon teams' analysis of the 2012 caseload found that two-thirds of breaches involved data stored or "at rest" in databases and file servers. Memory scraping malware, spyware and skimmers were responsible for the rest of the stolen data. "There were no instances in which data was compromised in transit," Verizon said. The data suggests that organizations should review user privileges and harden databases and file servers to prevent unauthorized access to the data or at least slow an attacker down, increasing the chances of detection. In addition, employee use of unapproved hardware and privilege abuse accounted for 13 percent of all breaches analyzed.