Breach types: Another day, another data breach.ThriveDX

Data Breaches 101: Breach Types

October 7, 2022
Christopher Dale, Content Marketing Manager, ThriveDX's Enterprise Division

You may have heard a word or two about data breaches lately. They’re becoming increasingly common, and it seems like you can’t go a week without hearing about another one from varying breach types.

It seems like that because statistics show that cybercriminals steal or compromise 68 records every second. If your organization isn’t already a victim of a data breach, chances are that you eventually will be, especially if you don’t have proper security measures in place.

It’s hard to quantify the worst thing about data breaches because each one is different. So far the average data breach costs $4.35 million in 2022. But it’s not just money spent on lost business or paid ransoms. It’s also time spent getting back online, making things right with customers, trying to undo reputational damage. Many organizations never recover.

What is a Security Breach?

But what exactly is a data breach? This post will give you a crash course on data breaches, including why they happen, and go over some data breach types.

A security breach, also known as a data breach, is the unauthorized access to or disclosure of confidential information. Stolen login credentials, pilfered funds, or a leak of intellectual property are all types of data breaches. A security breach can affect any organization, regardless of size.

Security Breaches Can Compromise Almost Anything, Including:

• Personally identifiable information (PII), like a Social Security or Tax ID number

• Protected health information (PHI) such as medical records / prescriptions

• Financial information like credit card numbers and mortgage accounts

Breaches can majorly impact organizations of any size both financially and reputationally. For instance, if your organization’s data breach results in threat actors stealing customer identities, you may be subject to costly fees and penalties in addition to the lost business and untold reputational damage you’ve both incurred.

But how costly, you may ask. Considering that Amazon and WhatsApp recently paid $877 million and $255 million in GDPR fines, respectively, the answer is very costly.

Why Do Data Breaches Happen? Top 3 Reasons

1. The Human Factor

It may surprise you that humans are by far the leading cause of data breaches. Human error accounts for over 95% of security incidents, according to data released in late September 2022 by the World Economic Forum.

Humans are a persistent liability when it comes to cybersecurity for several reasons. One key reason is they’re human, and humans make mistakes. If someone impersonating your CEO asks you to wire someone else funds, will you refuse or want to please the boss? “Eager to please” is a distinctly human vulnerability so threat actors will continue targeting humans until we wise up.

A recent report shows that employees open 42% of all phishing emails and might go on to click on malicious attachments or links. Once they do, the cybercriminals have all the information they need to commit fraud or steal data.

Other ways humans can contribute to data breaches include:

• Using weak passwords and not changing them often

• Failing to update software and applications

• Sharing confidential information with unauthorized individuals

• Leaving laptops, smartphones, and other devices unsecured in public places

You can avoid these security lapses by providing employees with security awareness training. A cyber-savvy workforce is a safe workforce. After all, the first step to stopping a problem is identifying the problem. Awareness training walks employees through real-world phishing simulations so they can identify phishing attacks and other cyber threats.

2. Malware

Malware is malicious software that infects your devices, allowing hackers to potentially (among other things) access your confidential information. There are many types of malware, including viruses, ransomware, and spyware.

How does malware get on your devices in the first place? In many cases, employees click on malicious attachments or links in phishing emails, downloading, and installing malware on their devices. After all, attackers use emails to deliver 92% of all malware.

Once the malware is in place, it can do any number of things, including:

• Stealing confidential information

• Encrypting files so you can't access them (ransomware)

• Spying on your activities (keyloggers, remote access trojans)

• Deleting or corrupting files (the new trend in ransomware

Businesses should have strong cybersecurity measures to protect networks from malware. This includes investing in a secure email gateway, following DMARC protocols, running endpoint security software, firewalls, and keeping everything patched and up to date.

3. Physical Cybersecurity (or lack thereof)

You might not think of physical security when you think of cybersecurity, but it’s just as important. After all, if someone can physically access your devices, they can easily steal confidential information or install malware. Around the United States, counties are installing new election equipment after unauthorized individuals accessed voting equipment.

Malicious individuals can steal devices containing crucial data. This includes hard drives, servers, DVDs, thumb drives, tablets, cellphones, and desktops. The data breach resulting from the physical theft of these devices will depend on the type of data contained in them.

You can prevent physical data breaches by keeping all devices in a secure location and making sure that only authorized personnel can access them. You should also use security cameras and alarm systems to deter thieves.

Breach Types

You should be aware of different breach types to better protect your organization from them. The following are some of the most common types of data breaches:

1. Ransomware

This type of malware encrypts files on your devices, making them inaccessible. The threat actors then demand a ransom to decrypt the files. Recent variations of ransomware include corrupting or outright deleting the files. Or they’ll exfiltrate your files for the purposes of double extortion – pay up for your files back, or they’ll release them to the world.

2. Business Email Compromise (BEC)

These attacks are phishing emails that do not have a payload such as a URL or attachment. Instead, they use impersonation and knowledge of the company structure or common transactions to convince employees to wire money or data, or to change bank account information for pending payments.

For example, threat actors might impersonate a CEO and ask other workers in the company to complete a task like paying an invoice or sending him/her (the “CEO”) current W2 forms for all employees. The evil genius thing about BEC attacks is that they exploit employees’ innate desire to please the boss.

According to the FBI’s 2021 IC3 report, BEC attacks were the biggest contributor to cybercrime losses, with victims losing $2.4 billion from 19,954 complaints.

3. Stolen Information

This data breach occurs when cybercriminals steal your company’s confidential data. They can steal the data through physical means, such as confiscating a laptop or hard drive. They can also pilfer it electronically, through hacking. They can even abscond by “tailgating”…essentially camouflaging themselves amidst a large group of employees returning from lunch.

4. Phishing

Most data breaches begin with phishing. Over 91% of all cyber attacks begin with a phishing email to an unsuspecting victim. This is a type of social engineering attack in which cybercriminals send emails that appear to be from a trusted source.

The goal is usually one of three things.

Convince victims to click on a malicious link or attachment, infecting their computer with a virus or other malware.
Convince recipient to visit a “spoofed” domain, tricking the victim into entering their real credentials (credential theft).
By impersonating someone else (often a boss), trick the victim into wiring money or sending confidential data (BEC attacks).

5. Password Guessing

A data breach can happen when cybercriminals steal your passwords. This can happen if your employees leave computer passwords on sticky notes or if your passwords are too easy to guess.

It can also happen via a brute force attack.

6. Distributed Denial of Service (DDoS Attack)

Due largely to Russia’s war in Ukraine, Sysdig found that DDoS attacks are up four-fold in 2022. This builds on DDoS’ prevalence increasing 11% during 2021’s first quarter. This attack occurs when hackers flood a server with traffic, causing it to crash. The traffic can prevent users from accessing the resources they need.

7. Malware

Malware is a bit of an all-encompassing term here, but malware is simply malicious software that gives attack groups control over your devices. Malware can be used to steal private information, launch attacks on other systems, and commit fraud. Technically ransomware is a type of malware.

8. Keystroke Loggers

Cybercriminals can use keyloggers to record keystrokes or what you type on your device. This can give them access to passwords, confidential information, and other sensitive data.

Protect Your Company From Data Breaches

Data breaches are a serious problem that can have real financial and reputational consequences for organizations. Because human error causes 95% of data breaches, the most immediate and cost-effective solution with long lasting benefits continues to be security awareness training.

If people are the problem, people will be the solution. In most cases, people don’t even know what they don’t know. In other words, they would not only not recognize a phishing attack, but they would also not know why it matters. Security Awareness Training taught in a consistent, ongoing fashion with real world attack simulations solves this issue. After all, if employees are the “last line of defense,” you might as well educate them on the war.

For more information on ThriveDX Security Awareness Training, please visit here.

Christopher Dale is content marketing manager for ThriveDX’s Enterprise Division. He has worked in the cybersecurity field for almost 14 years in PR, social media and content development roles for a range of companies including ESET, Forcepoint, Cylance (Blackberry) and Proofpoint. He holds Bachelor of Arts degrees in Political Science and Rhetoric & Communication from the University of California, Davis.

Protect Your Organization from Phishing

Article

How Project-Based Learning Is Transforming Cybersecurity Education

Project-based learning can prove incredibly useful to bridge the gap between theory and practice

Article

The Crucial Role of Entry-Level Cybersecurity Positions

With cyber threats increasing daily, entry-level cybersecurity roles can be critical to maintaining enterprise

Article

Cybersecurity Education is Getting an Upgrade: How Immersive Bootcamps are Leading the Way

Elevate cybersecurity education: explore Cybersecurity Apprenticeship Program for hands-on learning and job opportunities.

Article

3 Surprising Ways to Change the Narrative for Diversity and Inclusion in Cyber

A diverse and inclusive team is important for identifying risks and vulnerabilities and developing

Your Trusted Source for Cyber Education

Sign up for ThriveDX's quarterly newsletter to receive information on the latest cybersecurity trends, expert takes, security news, and free resources.