What Types of Data Breaches do you Need to Know About in 2023?

By now, all firms should be aware that cybersecurity threats are among the leading risks any business faces. Within this, those that directly compromise sensitive data have the potential to be especially damaging.

With the typical cost of a data breach now reaching almost $4.5 million – a 15 percent increase over the last three years – it’s critical that enterprises have the correct defenses in place. This means data protection at every level of the business, from initial perimeter defenses to preventing data exfiltration. But in order to implement this effectively, it’s vital to understand what cybercriminals are looking for and the methods they’ll use to get it.

Poor data security can have a wide range of repercussions for a business. Failing in this area can do a lot more than simply disrupt activity in the short term. Serious incidents can not only cost huge amounts of money, but lead to an exodus of customers and even threaten the future viability of the organization.

Many hackers today make extracting sensitive and confidential information the primary goal of their attacks. This can be anything from financial details that can be sold on for use in identity theft to trade secrets or intellectual property that would be highly valuable to competitors.

However, some categories of data are particularly valuable. Healthcare information, for instance, is often a key target for hackers, because its sensitive nature means organizations are more likely to give in to any demands in order to restore access or ensure it is not publicly disclosed.

Indeed, BlackFog’s 2022 State of Ransomware report revealed the most-targeted industries include education, healthcare and government, all of which are heavily dependent on confidential citizen data and also often have limited resources to dedicate to defending against attacks.

While there is a popular image of shadowy hackers on the dark web targeting firms with advanced threats, this is far from the only way in which data breaches can occur. In fact, the vast majority of cyber security issues – as much as 95 percent according to some studies – can be traced back to human error within the business.

This could be a mistake that leaves the door open for a cybercriminal. For example, failing to configure systems correctly or not recognizing vulnerabilities can leave firms open to techniques such as an SQL injection attack or advanced persistent threats. Relying on weak or reused passwords can also act as an invitation to hackers. 

Falling victim to social engineering attacks is also a common way in which data breaches can occur, so it’s vital all employees are fully trained on best practices for data protection.

As well as knowing the ‘how’ when it comes to data breaches, it pays to be aware of the ‘why’. Knowing what hackers are looking for ensures you know what parts of the network to prioritize when building a data breach presentation strategy.

In the past, the main goal for many attacks was to gain access to precious personal data – such as financial details or social security number information – that could be sold on or used for the criminals’ own gain. However, in today’s environment, motivations have shifted. Nowadays, extortion is often the primary aim of a threat actor as it offers a relatively cheap and reliable way of making money. 

Many firms will pay up to make a problem go away, regain access to critical files or prevent negative publicity, and those that do are often marked as an easy target that can be attacked again.

In order to prevent data breaches, you must first understand what they look like, the methods hackers use to gain access to businesses, and the different ways data exfiltration can take place. Therefore, familiarizing yourself with the most common types of data breach attack vectors is an essential first step in protecting your most sensitive information.

A wide-ranging term, malware is a catch-all phrase that can refer to any type of malicious software hackers seek to infect a network with. This can then be used by cybercriminals to gain unauthorized access to confidential information, exfiltrate data, disrupt systems, spy on a user’s activities or delete data on the network. 

The most common way for malware to enter a network is via a phishing attack, which is the root cause of over 90 percent of incidents. These may invite users to open a file directly in order to inject malicious code or lead them to a website that can use a drive-by download to infect a system.

Getting more specific, ransomware is a particular type of malware that has become one of the most popular forms of cyberattack over the last few years. Indeed, according to Verizon’s 2022 Data Breach Investigations Report, ransomware was involved in 25 percent of all breaches last year.

The nature of these attacks has also changed. Traditionally, a malicious actor seeking a ransom would encrypt data or systems, preventing mission-critical business activities from taking place. They would then demand money in exchange for the decryption key needed to recover.

However, today, by far the most dangerous threat is double extortion ransomware. This type of ransomware attack also infiltrates key business or customer data and then threatens to release it publicly if a ransom is not paid. According to our latest annual data breach report, 89 percent of all ransomware attacks in 2022 involved data exfiltration, a nine percent rise on the previous year.

According to Verizon, 83 percent of data breaches involve external actors – which of course means around one in six incidents originate within your business. Insider threats, as these are known, can either be down to human error, such as an individual emailing sensitive information to the wrong recipient, or be intentional.

A malicious insider threat can do huge damage and be particularly hard to spot. Such individuals often know exactly what data will be the most valuable, how to access it, and how to cover their tracks and evade standard security measures. The motivations for this can vary, from retaliation for a perceived slight to blackmail or bribery. 

Technology such as access management tools and anti data exfiltration (ADX) software can be highly useful here, as they can detect unusual behavior within the businesses and block any attempts to exfiltrate business or personal information as it occurs.

As well as being used as a channel to directly deliver malware, emails can present a range of other risks. These include targeted spear phishing attacks that are tailored to an individual victim, business email compromises that appear to be from trusted contacts such as suppliers or executives, and other social engineering attacks.

It’s estimated that over three billion phishing scam emails are sent around the world every day, which makes a strong email security solution an essential first line of defense. This should be used in conjunction with other solutions such as multi factor authentication, which can prevent an attacker from using login credentials they’ve acquired via phishing to access business or customer data.  

The other critical defense against email-based threats is employee training. By ensuring everyone in the organization is aware of the threats that arrive in their inboxes and knows what telltale signs to look at or to determine if a message is genuine, firms can greatly reduce their risk.

Finally, there are also data beaches that may not come from a hacker, but from more traditional criminal activities. Lost or stolen devices remain a common source of data breaches and can cause major headaches to businesses, particularly when confidential data is being handled on portable endpoints such as smartphones.

Clear policies to and remind employees of their responsibilities when handling company data are essential in minimizing these risks, but tools that can remotely wipe data from company-owned devices will also be important. However, these may not always be in place if workers are using their personal devices, so it’s vital you have visibility into every endpoint that may hold company data.

Data breach prevention is always better than cure. Once you discover a breach, the damage is already done. However, by putting in place the right technologies and processes to address the specific risks posed by each of the above types of data breaches, firms can go a long way toward minimizing their risk.

Preventing data breaches from happening in the first place is the best form of defense against these attacks. While the first step in this should be solutions such as firewall, email security and antivirus to prevent a hacker from gaining access to your system in the first place, these solutions alone can never be 100 percent effective.

However, even if a cybercriminal has breached your perimeter, there are still steps you can take to stop them from stealing your data. Strong access management tools to prevent unauthorized access and ADX tools that can automatically step in to prevent data being removed from a network can ensure that your sensitive information remains protected.

It can often be very difficult for firms to identify if they have been compromised. Indeed, according to Blumira, the average security breach goes unnoticed for 212 days before detection, while a further 75 days are needed to contain it.

This is where advanced, behavioral-based tools such as ADX come in. Unlike other solutions, which rely on matching potential threats with known signatures, these tools use machine learning to build up a complete picture of what typical user behavior in the business looks like. 

If it spots activities that fall outside this – such as a user account suddenly attempting a large data transfer at an unusual time – it can block these before they have a chance to steal information.

If all else fails, it’s vital to have a comprehensive mitigation plan for responding to a data breach. This should cover a range of issues, from who in the business will take responsibility for managing the response, to determining if and when data protection bodies need to be informed, and putting in place improved systems to avoid future issues.

Even if firms act swiftly the expenses of a breach can be large and wide-ranging. Direct lost business, reputational damage and the prospect of fines and legal action all add to the financial losses firms can face. If customer data is compromised, costs may even include providing credit monitoring services to affected individuals, as well as any regulatory action. 

Therefore, it’s clear that data breach prevention to block attacks before they happen is always the better option. While no system can be 100 percent secure, a defense in depth approach that runs from perimeter defenses through to endpoint protection and ADX is the best way to avoid a messy and expensive cleanup operation.