Today’s interconnected digital landscape has enabled organizations to unlock new levels of efficiency via automation, cloud storage, modernization of legacy applications, and much more. Unfortunately, the increasing reliance on digital systems and capabilities has also attracted an ever-growing number of malicious actors seeking to defraud businesses through phishing, social engineering, or ransomware attacks.
The end result of these types of cyber attacks is often a highly public and damaging data breach. Data breaches caused by weak security measures and procedures result in severe monetary losses, erosion of clients’ trust, and irreversible reputation damage to organizations in the healthcare, financial services, technology, and retail industries, as well as government and public sector entities.
Unfortunately, the end results of these types of incidents are often devastating for their victims. 1 in 4 Americans reported that they would stop doing business with a company following a data breach, and 67% of consumers reported a loss of trust in an organization following a breach. Once a consumer’s trust has been lost, it is often impossible to restore.
The financial consequences of data breaches can be just as dire, with the average cost of a data breach estimated at $3.86M.
In this article, we will dive deep into different types of data breaches, how organizations can mitigate their risk of falling victim to a breach, and what industries face the highest risk of falling victim to a cyber security attack.
What Are Data Breaches?
A data breach is the unauthorized access and retrieval of sensitive information by an individual without the knowledge of the user or the owner. Different states have their own laws and statutes regulating the definition and disclosure of data breaches, so it is important for organizations to be aware of these standards in the event they are party to any type of cyber security incident.
Gathering threat intelligence on prospective cyber threats across your organization’s internal and external attack surface, as well as on sensitive information that may be shared across the deep and dark web, is always the first step to preventing data breaches. However, depending on the industry and the level of sophistication of your attacker, breach intelligence alone may not be enough to mitigate your risk.
Importance of Data Security
Data security is a set of procedures and policies that safeguard essential digital information from unwanted access or theft. There are many different ways to safeguard your organization’s sensitive data from a breach, including encryption, data erasure, data masking, and data resiliency.
Data security is vital for organizations across all industries for the following reasons:
- Keep your information safe: implementing the right tools and data security ensures sensitive data does not fall into the wrong hands. The data may include customer payment, health records, or identification information. This info stays safe and secure with a data security program created to meet your organization’s specific needs.
- Keep your organization’s reputation clean: when people do business with you, they entrust your organization with their sensitive data. A data security strategy enables you to provide the protection they need. Your reward? A stellar reputation among clients and partners, and the competitive advantage to match.
- Give your organization a competitive edge: In many industries, data breaches are commonplace. Organizations that can keep their data secure set themselves apart from the competition, which may be struggling to do the same.
- Save on support and development costs: If you incorporate data security measures early in the development process, you may save time on designing and deploying patches or fixing coding problems down the road – not to mention the financial havoc that a data breach can wreak on your organization.
What Causes Data Breaches?
Simply put, if your organization stores any type of sensitive data – be it customer transaction information, financial documents, health records or anything else – you are at risk of eventually falling victim to a data breach if your security posture is not up to the task.
Understanding the most common causes of data breaches is a critical first step towards mitigating threats and reducing your attack surface.
Internal Causes of Data Breaches
Internal causes are the most common causes of data breaches related to organizational attacks.
- Malicious insiders – your organization’s trusted employees could stab you in the back. They are employees who actively attempt to steal data from their organizations for their own gain.
- Accidental insiders – these are employees who cause harm accidentally, without ill intention, through simple human error.
- Negligent insiders – these are employees who cause harm through negligent behavior, either by not following security policies or procedures or by being unaware of them.
Weak Access Controls and Permissions
Access controls and permissions help organizations apply rules around who can access data and systems in digital environments. They do so through access control lists (ACLs), which filter access to directories, files, and networks and define which users can access which information systems. Weak access controls and permissions, therefore, may cause data breaches through:
- Inadequate authentication – weak verification can result in data breaches by unauthorized employees in the organization. Lack of access to security features, such as passwords for admins, may result in a data breach where unauthorized persons within the organization may access sensitive data and leak it to malicious insiders.
- Mismanagement of user accounts – using admin privileges to upgrade user access may result in a data breach for personal profit or copying files with customer information. A lack of security features to upgrade or downgrade a user may result in mismanagement of user accounts.
- Lack of role-based access controls – without authorization rules that limit each user to the resources for which they have permission, malicious insiders can access sensitive data or information.
They say to err is human; however, the consequences of human error in a cybersecurity context can be more severe and costly than in most other situations. End user errors have repercussions, particularly if they result in access to sensitive data falling into the wrong hands. Some common human errors within the organization include:
- Mistakes in configurations or settings – these are errors resulting from software misconfigurations by admins that allow outsiders to breach access.
- Misconfiguration of cloud services – this is where employees configure cloud services in such a way that it results in leaks and access to sensitive organization data.
- Mis-delivery of sensitive information – this is human error through inadvertently sending sensitive data out of the organization and into the wrong hands. It can happen through email, by placing the data on file-sharing sites, or through removable media such as USB sticks.
In some cases, internal data breaches are not the result of simple errors or miscommunication, but premeditated collusion. When an actor inside of an organization leaks sensitive information, shares unauthorized credentials, or acts inappropriately with the intent of profiting from the behavior, it constitutes insider collusion.
External Causes of Data Breaches
External cyber attacks from outside of your organization can be initiated by cybercriminals, third-party vendors, or other external actors. External threats can result in devastating and high-profile attacks that lead to data leakage and associated reputational, financial, and legal consequences.
Some of the most common external causes of data breaches include:
There are a myriad of cybersecurity attack strategies that threat actors can use to target an organization. These can include phishing attacks attempting to trick a user into clicking a malicious link in an email, or social engineering attacks that attempt to influence internal users into divulging sensitive information to attackers. There are many other types of attacks that organizations should be aware of, but the end result of these types of schemes is typically the installation of malware through malicious software viruses, data theft, and ransomware attacks that limit access to your organization’s valuable data.
Weaknesses in third-party software products, partners, and systems leave your organization at risk of exposure to cyber-attacks. Supply chain attacks and physical theft are both potential third-party vulnerabilities that can cause a data breach.
Theft or Loss
Physical theft or loss of devices such as laptops, smartphones, hard drives, CDs/DVDs, or USB drives containing sensitive organization data, or unauthorized access to physical premises, may cause a data breach. Once physical security is compromised, the sensitive data can be stolen or exposed to cybercriminals.
Insider-Assisted External Attacks
These attacks happen when insiders collaborate with external threat actors or when there is unauthorized access using insider credentials. When insiders work with external actors, it becomes easier to breach data undetected.
What Industries Are the Most Vulnerable to Data Breaches?
Once cybercriminals have illicit access to an organization’s network, data breaches, system hacks, and malware or ransomware attacks become just a matter of time. Every organization is, to varying degrees, potentially at risk of experiencing a data breach.
However, there are some high-target industries, including healthcare, financial services, technology and telecommunications, retail and e-commerce, and the government and public sector, which are at a heightened risk of being targeted by cyber criminals. Below is an overview of each of these industries, the types of data breaches they face, and examples of data breaches that have happened in the specific industries.
Healthcare Industry Data Breaches
Healthcare is an information-intensive industry. It is an attractive target for cyber criminals because data such as medical records, insurance information, and other confidential patient information are extremely valuable when they fall into the wrong hands.
The at-risk stakeholders in the healthcare industry include patients, caregivers, doctors, nurses, unions, employees, government, insurance agents, and pharmaceutical firms.
Consequently, the industry faces several cyber security challenges in 2023 and beyond, such as increasing demand for telehealth and remote healthcare services, rising healthcare costs, and regulatory compliance with laws such as the U.S. Health Insurance Portability and Accountability Act (HIPAA). Healthcare providers and organizations in the industry must also comply with requirements for safeguarding electronic protected health information (ePHI).
Types of Data Breaches in the Healthcare Industry
Some data breaches in the healthcare industry include:
- Insider breaches by healthcare employees
- External breaches by hackers and cybercriminals
- Unintended disclosures and human error
- Physical theft or loss of devices containing healthcare data
Factors Contributing to Data Breaches in the Healthcare Industry
- The need for robust cybersecurity measures and protocols.
- The vulnerability of legacy systems and outdated technology.
- Increasing demand for telehealth and remote healthcare services.
- Compliance challenges with regulations such as HIPAA also contribute to data breaches in the industry.
Case Studies of Data Breaches in the Healthcare Industry
The Anthem Inc. data breach, which happened between 2014 and 2015, was the most significant health data breach in U.S. history. Cyber-attackers stole the ePHI of almost 79 million individuals, including names, Social Security numbers, medical identification numbers, addresses, dates of birth, email addresses, and employment information.
Financial Services Data Breaches
Financial data is a primary target of cybercriminals looking to gain illicit access to personal and commercial bank account numbers, credit card information, and Social Security numbers for depositors, creditors, shareholders, employees, and the government.
The financial services industry in 2023 faces challenges such as increasing demand for digital and mobile banking services, increased use of artificial intelligence and machine learning, and compliance with the requirements of the Federal Deposit Insurance Corporation (FDIC) and with regulations such as the General Data Protection Regulation (GDPR) and the Payment Services Directive 2 (PSD2).
Types of Data Breaches in the Financial Services Industry
- Cyber-attacks targeting financial institutions
- Payment card data breaches through credit or debit card information theft by hacking point-of-sale or other payment processing systems.
- Insider breaches by employees or contractors through intentional or unintentional disclosure of sensitive data.
- Social engineering attacks that target financial services employees or customers by tricking them into disclosing sensitive information.
Factors Contributing to Data Breaches in the Financial Services Industry
- Sophisticated cyber threats and techniques attackers use to breach financial systems and steal sensitive data.
- Vulnerabilities in financial systems and technologies through outdated or unpatched software and hardware systems that cybercriminals can exploit.
- Inadequate employee training and awareness to identify and prevent data breaches.
- Increasing use of digital and mobile banking services, which expands institutions’ attack surface and creates new vulnerabilities for cybercriminals to exploit.
Case Studies of Data Breaches in the Financial Services Industry
In 2017, Equifax announced the most significant data breach in the financial services industry, which exposed personal information such as names, addresses, dates of birth, Social Security numbers, and driver’s license numbers of 147 million people. The breach led to the financial institution losing millions of dollars in settlements to the members affected by the breach.
Technology and Telecommunications Data Breaches
Despite their dominance and control of the digital landscape most consumers interact with every day, technology and telecommunications giants have faced numerous, high-profile data breaches. Even tech-focused companies need to constantly work on evolving their cyber security posture to help to keep up with the growing sophistication of cybercrime.
The technology and telecommunications industry is critical to modern society, enabling and driving communication, commerce, and innovation. The industry deals with data from a wide array of stakeholders including large multinational corporations, startups, government and regulatory agencies, as well as Over-the-Top (OTT) streaming platforms and cloud players.
Types of Data Breaches in the Tech and Telecommunications Industry
- Cyber-attacks and supply chain attacks targeting technology and telecommunications companies.
- Breaches of cloud storage and data hosting as more companies adopt cloud storage services.
- Insider breaches by employees or contractors through misuse of their access to sensitive data for personal profit.
Factors Contributing to Data Breaches in the Tech and Telecommunications Industry
- Advanced and persistent cyber threats against tech companies, such as social engineering and phishing, which cybercriminals use to gain access to networks and systems.
- Vulnerabilities in third-party software, hardware, and networking technologies through malware attacks.
- Supply chain security and third-party vulnerabilities.
- Rapid technological advancements and potential security gaps due to the growing sophistication of cybercrimes.
Case Studies of Data Breaches in the Tech and Telecommunications Industry
In 2021, LinkedIn suffered a data breach of over 700 million records in which cybercriminals misused the official LinkedIn API to scrape the data. The same year, Facebook suffered a breach where 500 million pieces of data, including full names, locations, email addresses, and biographical information from 106 countries, were disclosed due to a vulnerability that had supposedly been patched two years prior. Yahoo also recorded a breach that affected 1 billion accounts in 2013, where names and passwords were stolen.
Retail and E-commerce Data Breaches
Data breaches in the retail and e-commerce industry often result in significant damage that gets passed on to consumers. Customers of companies that are the victim of a breach may suffer identity theft and financial loss, leading to both reputational damage and economic losses due to lawsuits and fines.
The key players and stakeholders that can be the victim of data breaches in this industry include retailers, e-commerce platforms, payment processing companies, as well as logistics and supply chain companies.
Types of Data Breaches in the Retail and E-commerce Industry
Some of the data breaches in the industry include:
- Point-of-sale (POS) system breaches occur when cybercriminals gain access, for malicious purposes, to a company’s POS system, which processes payments and collects customer information.
- Data breaches in e-commerce websites occur when cybercriminals hack into a company’s website and steal customer information such as names, addresses, and payment card details.
- Payment card data breaches occur when cybercriminals steal credit and debit card information which they use for fraudulent transactions.
- Insider breaches occur when employees or contractors with access to sensitive information intentionally or unintentionally disclose or steal the data.
Factors Contributing to Data Breaches in the Retail and E-commerce Industry
- Weaknesses in payment processing systems and networks, where companies’ use of outdated or poorly secured payment processing systems makes them vulnerable to cyberattacks.
- Vulnerabilities in e-commerce platforms and websites due to spam attacks, bot attacks, and triangulation fraud.
- Inadequate data encryption and security measures such as passwords and multi-factor authentication.
Case Studies of Data Breaches in the Retail and E-commerce Industry
In 2018, Under Armour announced a data breach of 150 million MyFitnessPal user accounts. The compromised accounts contained customers’ information such as usernames, email addresses, and hashed passwords, all of which were stolen in the attack.
Government and Public Sector
The government and public sector handle big data ranging from sensitive information about citizens to confidential government documents, all of which is susceptible to cyber-attack.
The government and public sector deal with highly sensitive data about their citizens, such as personal and forensic information. The data is precious, making these entities vulnerable to threat actors operating on behalf of a foreign power, as well as hacktivists or cybercriminals who seek to monetize federal, state, and local databases.
In 2023, the government and public sector will strive to heighten data security by adopting cloud technology and increasing reliance on mobile devices due to the growing threat of sophisticated cyber-attacks.
Types of Data Breaches in the Government and Public Sector
- Cyber-attacks on government networks and systems that target government IT systems and networks to steal sensitive data or disrupt critical services.
- Breaches of sensitive citizen identification information and financial data for identity theft, financial fraud, and other negative consequences for citizens.
- Insider breaches by employees or contractors with access to government data and systems who misuse their privileges to steal or leak sensitive citizen information, either intentionally or unintentionally, severely damaging government entities and citizens.
Factors Contributing to Data Breaches in the Government and Public Sector
- Cybercriminals continually develop new and more sophisticated attack methods to target government entities. These methods are challenging to detect and mitigate, making them a significant threat to government data and systems.
- Government IT systems and networks have vulnerabilities since government organizations usually use outdated and poorly secured IT systems and networks, which can be vulnerable to cyber-attacks. In addition, many government entities use third-party vendors to provide IT services, creating vulnerabilities.
- Insider threats and misuse of access privileges to government data and systems can intentionally or unintentionally cause data breaches and abuse of access privileges, including stealing data, leaking information, or accidentally exposing data through poor security practices.
- Government entities may face budget constraints that limit their ability to invest in robust cybersecurity measures.
Case Studies of Data Breaches in the Government and Public Sector
In 2018, India’s biometric database was breached via a leak at a state-owned utility company, and all registered Indian citizens were affected. Their names, identity numbers, and bank details were exposed, and over 1 billion pieces of information were stolen.
Future Threats and Trends
As technology advances, new threats and trends can impact data security across all industries and organizations. Here is a look at some of the factors and innovations that will determine the future of data security.
Artificial Intelligence (AI) and Machine Learning (ML)
Today’s world is flooded with Internet of Things (IoT) devices that collect vast amounts of data. Companies can leverage AI and ML to automate processes, optimize operations, and enhance customer experiences while detecting and responding to threats more efficiently through informed decisions. For example, ZeroFox’s cyber threat intelligence platform is powered by AI and deep learning to help organizations gain access to more actionable threat intelligence faster than ever before.
Zero-Trust Security Frameworks
A “zero trust” approach grants access to systems and data based on strict identity verification, authentication, and authorization, regardless of the location or device. This approach to cyber security can help reduce the risk of unauthorized access to sensitive information.
Blockchain is a distributed database shared collectively by a group of select participants. Implementing blockchain technology enhances data security, privacy, and integrity, particularly in industries that require secure and transparent data transactions, such as finance and supply chain management.
How to Respond to a Data Breach
For more information on how to mitigate your organization’s risk of experiencing a data breach, download our whitepaper The Complete Guide to Data Breach Response. However, in the event that threat intelligence and disruption methods aren’t enough to prevent a data breach, a robust incident response strategy is a critical next step to mitigate the damage.
At ZeroFox, our breach response services can help your organization contain breaches when they occur and create an appropriate and scaled response plan to support those affected. A swift and thorough response can mean a world of difference when it comes to mitigating the damage caused to your business and impacted individuals. Contact the ZeroFox Response Team today to learn how we can help get you back to business as usual faster after experiencing a security incident or data breach.