Just months removed from the cyberattack that shut down the Colonial Pipeline and prompted an executive order on cybersecurity, public and private sector organizations alike have taken stock of their security processes to assess potential vulnerabilities and prevent similar attacks. Data breaches are a top cybersecurity threat, opening the door to data leaks and ransom demands that cause massive disruption and make national headlines.
We all know the risks. According to a survey conducted by the World Economic Forum, almost 80% of senior cybersecurity leaders called ransomware a “dangerous” and “growing threat to our public safety.”
Despite knowledge of these risks, the volume of data breaches is increasing. According to Statista, “the number of data breaches in the U.S. has significantly skyrocketed within the past decade from a mere 662 in 2010 to over a thousand by 2020.” As we’ve written before, “breaches can and will occur,” leaving security teams with the gargantuan task of minimizing data risk across a sea of vulnerable and interconnected accounts, portals, databases and cloud assets.
In order to take on this challenge, it’s important to know the basics. Let’s discuss the types of data breaches, how they occur and some best practices for mitigating risk and securing the organization.
What is a Data Breach?
A data breach is unauthorized access by a threat actor to protected systems that hold sensitive information. Once inside, threat actors can leverage their access to steal valuable user data, hijack system controls and generally wreak havoc for the organization. Data breaches can occur in an organization of any size, impacting both small businesses and large corporate enterprises.
Common targets of a data breach include both employee and customer data such as personally identifiable information (PII), health records, credit card numbers and login credentials. Other targets include guarded corporate or government data such as intellectual property (IP), trade and state secrets, private records and more.
The consequences of a data breach and subsequent data leakage can include lost revenue, reputational damage, operational downtime and even legal action. These costs vary widely, from around $30,000 on average to as high as $1.6 million in some cases. The recovery costs from the Colonial Pipeline attack are estimated at tens of millions of dollars, on top of the $4.4 million ransom already paid out in cryptocurrency to the hacker group.
What Are the Types of Data Breaches?
Threat actors use a wide variety of attack tactics and methods to gain access to an organization’s protected data. Strictly speaking, the breach is the unauthorized disclosure that results from an intrusion, but the term is often used for the attack itself. The 2021 Verizon Data Breach Investigations Report (DBIR) defines a data breach as “an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.”
With this in mind, here are six of the most common types of data breaches that your company’s security team should look out for.
- Password Exploits and Brute Force Attacks – One of the most common ways a data breach occurs is through weak or compromised passwords. In fact, the data breach that made headlines worldwide by compromising and disrupting the Colonial Pipeline happened because of a single stolen password and a lack of multi-factor authentication. Beyond basic guessing of weak and commonly used passwords (which many users reuse across multiple accounts), threat actors often rely on automated brute-force tools or on credential stuffing, which replays username and password pairs leaked in earlier breaches against other services to find accounts where they were reused.
- Hardware Exposures and Physical Security Attacks – Sometimes, the most significant security vulnerabilities that lead to breaches lie outside the digital realm. Threat actors can exploit stolen, exposed or unsecured hardware like laptops, hard drives, mobile phones and more to find any saved data (such as credentials, email communications, files, etc.) that could help them gain access to guarded systems.
- Malware Attacks – Malware refers to software deployed by threat actors to disrupt, damage or intrude into a protected system, network, database, etc. While malware is often associated with the exfiltration stage of an attack, it is also used to gather data (for example spyware or keyloggers) or to install backdoors that give the actor persistent access and can lead to a data breach. General-purpose malware (trojans, downloaders, implants that report to command-and-control (C2) infrastructure, etc.) can make its way into a system in various ways. The 2021 Verizon DBIR noted that “30% of the malware was directly installed by the actor, 23% was sent there by email and 20% was dropped from a web application.”
- Phishing and Spear Phishing – Perhaps the most prevalent form of cyber attack, phishing and spear phishing are tried-and-true methods threat actors use to plan and execute data breaches. Phishing is a form of social engineering centered around convincing the victim to share sensitive information by posing as a trusted source. Spear phishing is the targeted variant, in which specific users receive tailored phishing content under the guise of a known contact. The goal of both is to siphon guarded user data (such as login credentials) that can then be leveraged to gain access to a protected system. Malicious links, impersonated social media accounts, fraudulent domains and malware-infected attachments can all be deployed as part of the attack.
Due to their relative effectiveness, along with easy-to-deploy phishing kits, phishing and spear phishing have been on the rise. A recent FBI Internet Crime Complaint Center (IC3) report noted that “phishing scams resulted in 241,342 complaints and losses of over $54 million in 2020 alone.”
- System and Network Vulnerabilities – Sometimes threat actors can bypass login portals altogether and reach sensitive data by exploiting vulnerabilities in system and cloud applications, assets or infrastructure. For example, APIs (application programming interfaces) are a frequently abused attack vector. If not properly secured, APIs can leave the organization open to data exposure, data breaches or even crippling DDoS attacks. Other common attacks target vulnerabilities in Remote Desktop Protocol (RDP) services, domains, WiFi hotspots, administrative control interfaces and more.
- Human Error and Privilege Misuse – Let’s face it, no organization is perfect. Humans, after all, make mistakes. Unfortunately, threat actors are well aware of this and look for ways to exploit and abuse these mistakes. One common example is misdelivery: accidentally exposing or sending sensitive information to the wrong recipients. Other common mistakes include misconfiguration (for example of database assets or permissions), programming errors that leave code open to exploitation, and misplacing physical documents and devices. All of these accidental data exposures can open the door to subsequent data breaches. Additionally, threats can come from inside the organization. Employees or contractors with access to protected systems and illicit intentions may abuse their privileges, hand credentials to other threat actors or do the dirty work themselves.
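The password-guessing patterns described above (brute force against one account versus credential stuffing across many accounts from a single source) look different in authentication logs, and a security team can tell them apart with a small amount of detection logic. The following is an added example, not code from the original post or from ZeroFox: it runs over constructed sshd-style log lines, and the log format, the five-minute window and the thresholds are assumptions chosen for illustration.

```python
"""Detect brute-force and credential-stuffing patterns in auth logs.

Added example (not from the original post). Thresholds, window and the
sshd-style line format are illustrative assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not real data. Three sources:
#   203.0.113.7  - six failures against one account, then a success (brute force)
#   198.51.100.9 - one failure each against five accounts, then a success (stuffing)
#   192.0.2.50   - one typo followed by a success (benign)
SAMPLE_LOG = """\
2021-06-01T10:00:01 sshd[1]: Failed password for alice from 203.0.113.7 port 5001 ssh2
2021-06-01T10:00:02 sshd[1]: Failed password for alice from 203.0.113.7 port 5002 ssh2
2021-06-01T10:00:03 sshd[1]: Failed password for alice from 203.0.113.7 port 5003 ssh2
2021-06-01T10:00:04 sshd[1]: Failed password for alice from 203.0.113.7 port 5004 ssh2
2021-06-01T10:00:05 sshd[1]: Failed password for alice from 203.0.113.7 port 5005 ssh2
2021-06-01T10:00:06 sshd[1]: Failed password for alice from 203.0.113.7 port 5006 ssh2
2021-06-01T10:00:07 sshd[1]: Accepted password for alice from 203.0.113.7 port 5007 ssh2
2021-06-01T10:05:00 sshd[1]: Failed password for bob from 198.51.100.9 port 6001 ssh2
2021-06-01T10:05:01 sshd[1]: Failed password for carol from 198.51.100.9 port 6002 ssh2
2021-06-01T10:05:02 sshd[1]: Failed password for dave from 198.51.100.9 port 6003 ssh2
2021-06-01T10:05:03 sshd[1]: Failed password for erin from 198.51.100.9 port 6004 ssh2
2021-06-01T10:05:04 sshd[1]: Failed password for frank from 198.51.100.9 port 6005 ssh2
2021-06-01T10:05:05 sshd[1]: Accepted password for frank from 198.51.100.9 port 6006 ssh2
2021-06-01T11:00:00 sshd[1]: Failed password for alice from 192.0.2.50 port 7001 ssh2
2021-06-01T11:00:30 sshd[1]: Accepted password for alice from 192.0.2.50 port 7002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(log_text):
    """Return a list of (timestamp, result, user, ip) for every line that matches."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]))
    return events


def detect(events, window=timedelta(minutes=5), fail_threshold=5, user_threshold=4):
    """Classify failure clusters per source IP.

    brute_force:         >= fail_threshold failures against one account in the window.
    credential_stuffing: failures against >= user_threshold distinct accounts in the
                         window (few tries per account, many accounts: a leaked-list replay).
    success_after notes whether the same IP later got an 'Accepted' within the window,
    which is the case worth paging on: the guess may have worked.
    """
    fails_by_ip = defaultdict(list)    # ip -> [(ts, user)]
    accepts_by_ip = defaultdict(list)  # ip -> [(ts, user)]
    for ts, result, user, ip in events:
        (fails_by_ip if result == "Failed" else accepts_by_ip)[ip].append((ts, user))

    findings = []
    for ip, fails in fails_by_ip.items():
        fails.sort()
        # Slide a window across this IP's failures; report the first window that trips a rule.
        for i, (start, _) in enumerate(fails):
            in_win = [(t, u) for t, u in fails[i:] if t - start <= window]
            per_user = defaultdict(int)
            for _, u in in_win:
                per_user[u] += 1
            end = in_win[-1][0]
            success_after = any(start <= t <= end + window for t, _ in accepts_by_ip.get(ip, []))
            kind = None
            if max(per_user.values()) >= fail_threshold:
                kind = "brute_force"
            elif len(per_user) >= user_threshold:
                kind = "credential_stuffing"
            if kind:
                findings.append({"ip": ip, "kind": kind, "accounts": sorted(per_user),
                                 "failures": len(in_win), "success_after": success_after})
                break
    return findings


if __name__ == "__main__":
    for finding in detect(parse(SAMPLE_LOG)):
        print(finding)
```

The two rules are deliberately keyed on different dimensions: brute force concentrates failures on one account, credential stuffing spreads a handful of attempts across many accounts, so a per-account lockout alone misses the second pattern while a per-source view catches both. The benign typo from 192.0.2.50 produces no finding, which is the false-positive case any such rule has to tolerate.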
Preventing These Types of Data Breaches
Preventing these types of data breaches and mitigating risk is a huge challenge for security teams facing a growing and evolving threat landscape. According to the ZeroFox report, The Future of Digital Threats: 2020 Insights, 2021 Predictions, threat actors largely doubled down on existing capabilities and continued to challenge defenders to stop them.
Security teams should be sure to take the following steps to mitigate threat trends and safeguard their organization from data breaches:
- Enable multi-factor authentication for all accounts
- Focus on disrupting intrusion chains rather than on attribution; breaking the chain early stops the breach regardless of who is behind it
- Maintain security best practices and enforce a security control on the creation of new cloud instances
- Always plan for the future and be proactive in evolving policies and plans to mitigate risk while supporting future-state business operations (such as supporting a remote workforce)
- Double down on training and education to cut down on user errors and help employees make safe, risk-averse decisions
How You Can Protect Your Company
The ZeroFox team continues to produce informative resources and engaging events to help security teams and organizations as a whole navigate unknown territory as the landscape continues to evolve. To learn more about the top threat trends from 2020, as well as predictions on the tactics and techniques expected to increase in 2021, download the free ZeroFox report on The Future of Digital Threats and watch the on-demand webinar.