Languagesx
English Deutsch
Subscribe
Home Know Your Enemy: The 5 Different Types of Data Breach

Know Your Enemy: The 5 Different Types of Data Breach

5 types of security breach
Know Your Enemy: The 5 Different Types of Data Breach

Data breach, the bane of many security experts. Anybody can fall victim to a data breach at any time. The damage is usually extensive and expensive if not utterly debilitating. Breaches are a cancer that never knows remission and a significant cause of concern in the connected world of today. What is a data breach to begin with? Well, you need to know your enemy, and there are about five different types of data breach.

Here is a quick and straightforward analogy. If a burglar picks your lock or breaks your window and enters your house, that is a security breach. If the burglar steals your documents and personal information and then leaves, that is a data breach.

According to an article on Wikipedia, “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.” A friend might steal a couple of your randy pictures to expose or prank you on Facebook; data breaches usually happen on a colossal scale involving millions if not billions of records. Big companies (you know, the kind you’d never imagine would fall victim) such as Yahoo, and Equifax among others aren’t safe either. When you think of it, attackers seem to love big and blue-chip companies because of the more significant the impact, the fatter the paycheck.

The stolen information is then used to commit credit card fraud, identity theft, and a host of other heinous crimes. Some attackers will even sell the information in bulk on the dark web, giving even more bad guys the chance to commit abhorrent atrocities ranging from espionage to blackmail and the list goes on. Data breaches are a severe problem that mandates organizations to prepare beforehand.

The first step in preparing is awareness about the 5 different types of data breach. If you know how the enemy operates, you can put countermeasures in place.

For each of the five types of data breach, you’ll learn a couple of preventative measures so that you can bolster the security of your systems. Keep in mind that attackers hardly rest, so don’t you sleep either. Keep learning and implementing the best security practices and stay ahead of the bad guys. Always remember to share your concerns about security and give each other the best security tips you hear about.

5 Different Types of Data Breach 2019

This list of data breaches is in no particular order, but they are all serious areas of concern for any organization or person looking to stay safe from data breach.

Physical Theft

Who has ever watched the Mission: Impossible film that was released in 1996? If you haven’t seen it — find it and watch it. For those who watched the film, I think you’ll agree when I say: We should laud the director, Brian De Palma, for that one famous scene where Ethan Hunt (Tom Cruise) rappels from the vent of an incredibly secure CIA vault to steal the NOC list that contained the real names of agents in the field.

THAT PEOPLE is a classic example of data breach by physical theft, but we celebrated Tom Cruise for the act. In the real world, things might not be as dramatic, but data breach by physical theft is very much a reality for many organizations. It could be as simple as someone plugging a USB drive into a server containing sensitive and business-critical information, or as brazen as someone carrying a hard disk out of your business premises. If anybody can walk out of your premises with sensitive business data, you’re in deeper trouble than you would like to admit.

Leaving confidential documents in plain sight or disposing of sensitive information improperly (yes, a determined data thief won’t have qualms about going through your trash) can also expose you to a data breach. It’s the main reason vaults (but clearly not that CIA vault in Ethan’s case), shredders and furnaces were invented – to protect and get rid of sensitive information that mustn’t fall into the wrong hands.

To protect your organization from physical theft of data, implement stringent security protocols that ensure only authorized people have access to privileged and sensitive data. Have you ever heard of chit-key vaults and safe deposit boxes? Well, you might need to school yourself up on such secure storage options if you’d like to keep physical data breaches at bay.

What about your prized server room? We recommend you invest in military-grade security, laser sensors, motion detectors, sentry guns, the Death Star, the Infinity Gauntlet; whatever works for you – just ensure you leave nothing to chance. Pardon all the movie references, but we all know what happens when hackers release nude pictures of female celebrities and media files that were meant to stay private. The fallout if often nasty and people lose face and jobs, but I digress.

Cyber Attack

Cyberattack is one of the most prevalent forms of data breach since the attacker needn’t be physically present on your business premises to steal your data. All a cyber attacker needs is a computer with internet access and a couple of hacking tools to grab your data without your knowledge.

Data breach by cyber-attacks can go on for months or even years without anyone noticing, especially if the hacker did his/her job well. Often, the intrusion is discovered when the damage has already been done, i.e., after the data breach has taken place.

But how does a criminal hacker on the other side of the globe gain access to your system? The attackers rarely reinvent the wheel unless they have to. They use old hacking methods that are known to work. If they devise a new tactic, it’s mostly a combination of old tactics meant to exploit vulnerabilities in your system.

Common mechanisms hackers use to break into your systems include malware, keyloggers, fictitious websites, trojans, backdoors, and viruses, among others. Usually, they trick users into clicking and as a result, install malicious programs on the system, which is how they mainly gain access to your data. Others will intercept the information you send and receive over an unsecured network in what is commonly known as the man-in-the-middle (MitM) attack.

An attacker may dupe an unsuspecting staff member to steal login credentials. The attacker then uses the login credentials to login to the staffer’s computer, from where they launch a lateral attack on the rest of your system. Before long, the attacker has access to restricted areas of your network, and BAM – your data is gone, lost or rendered useless.

With criminal cyberattacks making up over 48% of data breaches according to the Cost of Data Breach Study by IBM, how do you protect yourself from cybercriminals looking to harvest your data? Preventative measures to keep cyber attackers at bay include:

  • Encourage staffers to use strong and unique passwords. Never use the same password for different accounts. If you can’t remember many different passwords, considering investing in a password manager such as LastPass and Cyclonis, among others. And please, never ever use “123456,” “password,” “admin” and such easy-to-guess passwords
  • Invest in a state of the art VPN to secure your network. A VPN encrypts your data such that it’s unreadable even if attackers manage to steal it
  • Redesign your tech infrastructure with a security-first approach in mind
  • Enable two-factor authentication to protect your servers and other storage devices containing sensitive data
  • Use an antivirus and firewalls
  • Update your software to seal security holes and improve functionality. Best is to keep your software updated at all times

To learn more about protecting your organization and yourself against cybercrime, here is a list of relevant posts for further study.

Employee Negligence aka Human Error

Have you ever sent out an email blast and be like “No, No, No, No, Nooo!” Yeah, most of us have been there, and it’s one of the worst feelings ever – especially if you send confidential or sensitive information to the wrong recipients. Or what happens when you send the wrong attachment to the right recipient? That photo you mean to send to your significant other?

Both scenarios constitute data breach, and when it happens in an organization, it can cause unprecedented chaos and unrest. But perhaps the above examples don’t cut it for you, so here is a fun fact. Did you know networked backup incidents and misconfigured cloud servers caused by employee negligence exposed over 2 billion records in 2017? According to the 2018, IBM X-Force Threat Intelligence Index published on itweb.co.za.

The point is to err is human; we all make mistakes, and it’s inevitable. But mistakes that could take your company off the pivot can’t be taken lightly or for granted. To mitigate this type of data breach, you must educate your employees on the essential elements of information security, and what will happen if they aren’t vigilant when performing their duties. It might sound like a weak point, but a little training could go a long way in combating data breach due to employee negligence.

On top of that, educate non-technical staff members on data security awareness procedures and policies. At the end of the day, you should embrace a zero-tolerance policy to data breaches that result from employee negligence. Inform your employees on the importance of keeping data safe and the repercussions should the unthinkable happen.

Insider Threat

While most organizations focus on mitigating external threat factors, insiders pose a more significant threat than you’d typically imagine. According to an Insider Threat study by CA Technologies and Cybersecurity Insiders, 53% of organizations faced insider attacks, with the main enabling factors being:

  • Many users have excessive access privileges
  • An increased number of devices with access to sensitive data
  • The increasing complexity of information technology

From the same source, 90% of organizations feel vulnerable to insider attacks, and 86% of organization already have or are building insider threat programs. According to IBM Insider Threat Detection, insider threats account for 60% of cyber attacks. Wow, just wow – quite the staggering figure if I must point out the obvious, which also means you must be extra vigilant or one of your employees will drive a steel stake through the heart of your organization.

Data breaches resulting from insider threats are quite common nowadays, and extremely difficult to detect. Network protectors can quickly combat malicious outsiders, but the job becomes harder when threats come from trusted and authorized users within the organization.

The job becomes 10 times more challenging since there are different types of insider threats, namely:

  • Disgruntled employees – This category of criminal insiders commit deliberate sabotage or steal intellectual property for monetary gain. It’s common for employees to steal information before and after quitting or being fired. Some harmful elements sell trade secrets to competitors, but others want to take down the enterprise.
  • Nonresponders – Some employees never respond to security awareness training, no matter the resources you invest. These are the people who usually fall prey to phishing scams repeatedly because, well, you can stick your security awareness training up your (you know where).
  • Insider collusion – Professional cybercriminals will go to great lengths to steal your data. They scout the dark web looking to recruit your employees. If one of your employees collaborates with a malicious attacker, you will have a severe security and data breach, and you don’t need a rocket scientist to tell you that. In some cases, an employee may even cooperate with another employee in the same organization, exposing you to all types of cybersecurity problems. If you need a little prodding in the right direction, just think how insider collusion can expose your enterprise to fraud, intellectual property theft, and plain old sabotage.
  • Inadvertent insiders – Ignorance is not bliss as far as cybersecurity goes. Negligence on your employees part invites all manner of trouble since attackers are savvy to vulnerabilities that inadvertent insiders cause. Negligent staff members expose your organization to malware, phishing, and man-in-the-middle (MitM) attacks, among other forms of attack. Attackers may take advantage of negligence in your organization to exploit misconfigured servers, unsecured/unmonitored microsites, and so on.
  • Persistent malicious insiders – Criminal “second streamers,” i.e., employees seeking supplemental income maliciously, won’t protect your data. Instead, they will commit a slew of malicious acts such as exfiltrating data for financial gains. And this category of people will remain undetected for long periods to maximize the benefits of data theft. And since they are aware of network monitoring tools, they will steal data slowly instead of committing data theft in bulk. As such, they can operate under the radar for months or years.

How do you prevent data breach caused by insiders? How do you protect your data when the threat comes from the same people you trust. To protect your data from insider threat, you need to implement measures such as endpoint and mobile security, Data Loss Prevention (DLP), data encryption at rest, in motion and use as well as Identity and Access Management (IAM). You can even adopt behavioral analysis and reduce vulnerabilities. These measures will combat, among other things, unauthorized access, negligence, and data loss in case of a breach.

Ransomware

What comes to mind when you see the word RANSOMWARE? WannaCry? $700,000 of losses? Laws? The HIPAA perhaps? CryptoWall? CryptoLocker? Ransomware can constitute a data breach depending on the malware that attacks your systems. Other factors such as the type of data stolen, the current status of said data and – again – laws. Anybody who puts your data at risk of loss has committed data breach to some extent. If some hacker somewhere holds your data hostage, your organization will surely experience losses in all fronts. And you determinedly would instead carry on as usual – plus money doesn’t just grow on trees.

The attacker who hijacks your data has demonstrated that they can steal or destroy your data at will.

Clearly, they are talented, and ransomware comes in a million shades of nasty. Could take over your system right this minute considering there are more than 4,000 ransomware attacks per day according to the Federal Bureau of Investigation (FBI). It’s one of the reasons the US government has a $15 billion budget for cybersecurity. The majority of attackers use ransomware to cover their tracks. Just think about it for a minute. Some guy breaks into your system steals your data, and if that isn’t enough, holds your data hostage for profit as they cover a data breach.

Ransomware ruins your reputation. It takes blood, sweat, and tears to build a name, so say “no” to ransomware.

You can avoid ransomware of you’re cautious enough. Plus, you can always ramp up your defenses. And please install a powerful antivirus program (my favorite is Eset Nod32), and ensure you activate web file protection and firewalls to combat malware-laden emails and messages that pass spam filters. Additionally, invest in a clever backup plan so that you can simply wipe the drives to eliminate ransomware, and then restore backups. That way, you can beat ransomware attackers at their own game, instead of paying a ransom.

Final Words

Security goes beyond mere awareness, so don’t take data breach sitting down. You can effectively protect yourself, and if the worst happens, rise from the ashes stronger than before.  Keep learning and implementing the best security policies and procedures to protect your business against the various forms of data and security breaches. Keep the conversation going until you have everything you need to safeguard yourself and your organization against all five of the data breach of types.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

tags
Richard Parker
Editor

Richard Parker is senior writer at https://www.equities.com/user/Richard & https://www.theselfemployed.com/profile/richardparker/ . He covers industry-specific topics such as Entrepreneurship, Data/Security, Startups, Industrial, Growth Equity Community, Smart Cities, Connected Devices & Smart Homes.

Related News

Some UK and US government sites are 'sharing data with ad brokers'. A digital collage merging iconic UK and US government buildings with floating digital ad bubbles and data streams, illustrating the sharing of visitor information with advertising brokers. The UK's Big Ben and the US Capitol building are prominently featured against a backdrop of digital elements and the Union Jack and American flag, emphasizing the intersection of governance and digital advertising.
Some UK and US government sites are ‘sharing data with ad brokers’
Suswati Basu
AI-inspired image of a team of Chinese hackers in a control room with the flag of China on the wall
Chinese hackers increasingly using AI to interfere in elections – report
Graeme Hanna
Massive hack hits AI servers, exploits Ray framework vulnerability. The image depicting the massive hack on AI servers exploiting the Ray framework vulnerability is ready above. It aims to visually represent the severity and scope of the cyber attack through an abstract and symbolic digital art piece.
Massive hack hits AI servers, exploits Ray framework vulnerability
Suswati Basu
Stealthmole secures $7m funding for its AI-powered dark web intelligence firm. A cybersecurity mole, dressed in hat and trench coat, investigating the dark web.
StealthMole secures $7m funding for its AI-powered dark web intelligence firm
Suswati Basu
Telegram emojis and icons / Telegram's P2PL system comes with a risky way to save $5 on premium subscription
Telegram will offer free Premium subscriptions – but there’s a catch
Graeme Hanna

Most Popular Tech Stories

Latest News

AI-generated image of audio created to impersonate a school principal / Baltimore police arrest former high school sports director for framing principal using AI
AI

Baltimore school principal targeted in faked audio AI scam
Graeme Hanna13 hours

In Baltimore, Maryland a former high school sports director has been arrested for using artificial intelligence to impersonate a principal, making the public believe he had made racist and anti-semitic...

Popular TopicsArrow right.svg

AI
AI
AR / VR
AR / VR
Cryptocurrency
Cryptocurrency
Gaming
Gaming
Smartphone
Smartphone
Gambling
Gambling
Wearables
Wearables
Web
Web

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.