Types of Data Breaches in Today’s World
It is vital for organizations to be vigilant in carefully selecting the third parties with whom they allow access to sensitive data.
Insider Threats
Insiders may already have authorized data access and knowledge. Therefore, it is harder to prevent an insider threat than an external attacker. Insider attacks can remain undetected for months, or even years, before being discovered, making it easier for a cybercriminal to achieve their objectives.
Some of the hardest attacks to prevent are sophisticated attacks that involve multiple insiders working in unison, such as fraud rings or cyber espionage. A coordinated attack is harder to spot because it spans multiple events, or a consistent pattern of suspicious behavior, and these ill-intentioned activities must be distinguished from the large volume of legitimate use of the system.
Some potential mitigations for an insider threat include performing regular data access reviews, staff background checks, security and data access controls, staff awareness, and training. Every employee in the organization, but particularly the IT and security teams, should be familiar with the organization's incident response plan and the documented procedures to be followed in the event of an incident. Such an incident response plan should form part of a mature and well-articulated security strategy including the management of 'bring your own device' (BYOD) and 'the internet of things' and ensuring 'privacy by design' to anticipate dynamic cyber threats.
Lastly, organizations should consider implementing a data loss prevention solution to prevent sensitive data — such as personally identifiable information (PII) — from 'leaking' off the network. This solution detects potential data breaches and puts a stop to them by controlling how external storage devices (USB drives) can be used.
Because the employee is focused on the information or instructions provided to them, they are more likely to overlook the fact that their online actions are under careful scrutiny. Such policies protect intellectual property and customers' personal information by tracking and controlling the distribution and transmission of sensitive data.
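The regular data access review recommended above is easier to reason about with a concrete check. The following is an added example, not code from the article: it runs over a constructed audit log and flags the two signals the text describes as hard to see by eye, a user reading records outside their own department and a user whose daily read volume is far above that of departmental peers. The log format, the department fields and the `volume_factor` threshold are assumptions for the illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample audit log (not real data):
# timestamp,user,user_department,record_department,record_id
SAMPLE_LOG = """\
2024-03-01T09:01:00,alice,finance,finance,r-100
2024-03-01T09:20:00,bob,finance,finance,r-102
2024-03-01T10:00:00,bob,finance,hr,r-900
2024-03-01T10:30:00,carol,finance,finance,r-103
2024-03-01T11:00:00,dave,finance,finance,r-104
2024-03-01T11:01:00,dave,finance,finance,r-105
2024-03-01T11:02:00,dave,finance,finance,r-106
2024-03-01T11:03:00,dave,finance,finance,r-107
2024-03-01T11:04:00,dave,finance,finance,r-108
2024-03-01T11:05:00,dave,finance,finance,r-109
"""

def parse_log(text):
    """Parse CSV-style audit lines into event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, user, dept, rec_dept, rec_id = line.split(",")
        events.append({"ts": ts, "user": user, "dept": dept,
                       "rec_dept": rec_dept, "rec_id": rec_id})
    return events

def review_access(events, volume_factor=5):
    """Return (signal, user, detail) findings: cross-department reads, and
    daily read counts above volume_factor times the median of peers."""
    findings = []
    for e in events:
        if e["dept"] != e["rec_dept"]:
            findings.append(("cross_department", e["user"], e["rec_id"]))
    # Per (day, department): how many records each user touched.
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        counts[(e["ts"][:10], e["dept"])][e["user"]] += 1
    for (day, dept), users in counts.items():
        if len(users) < 3:
            continue  # too few peers to form a baseline
        for user, n in users.items():
            peers = [m for u, m in users.items() if u != user]
            if n > volume_factor * median(peers):
                findings.append(("volume_outlier", user, f"{n} reads on {day}"))
    return findings
```

On the sample log the review reports bob's read of an HR record and dave's six reads against a peer median of one; the three-user minimum keeps a two-person team from flagging each other on every quiet day.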
Malware Attacks
There are several types of malware that can be used to compromise sensitive data. The first type of malware we will consider is a virus. Most people have heard of these and know they can cause significant damage to computers, but many do not know exactly how they work. A virus is a piece of computer code that attaches itself to an existing program, such as a word processor or a game. Then, whenever the program is run, the virus duplicates itself and attaches to other programs. This will eventually stop those programs from working properly. Unfortunately, it is also possible to have viruses that are designed to find and delete specific file types on a system. This could be used to delete a particularly important file, or it could simply be used to damage as much data on the system as possible.
Worms are very similar to viruses in the way that they work and their intended purpose. However, there are differences between viruses and worms, in that a worm does not alter programs on a computer and it can transfer itself by email. Also, worms can have different destructive ways to affect the machine, such as deleting files or simply damaging data on the system.
Ransomware is a particularly nasty form of malware. When a computer is infected, it will lock the system or encrypt its data. The owner of the computer will then receive a message stating that a ransom must be paid to access the computer and its data again. There are three main reasons ransomware is so effective for criminals. First, encryption makes it impossible to find out whose data it is, so the criminal can claim that it is anyone's. Second, it is very difficult to catch the criminal because they are not taking the money directly from the victim, so there is no trace to them if the victim does choose to pay the ransom. Finally, it is also quite easy to remain anonymous when setting up ransomware attacks, so it is hard for the criminal to be found in the first place. This type of attack is often delivered through phishing emails.
Another form of malware that can very effectively cause a data breach is called a Trojan, or a 'Trojan horse.' This program is designed to do something sophisticated that none of the other types of malware can do. It is capable of finding information, altering data, and slowing down a computer's performance. This makes it a very powerful tool when a hacker uses it. They can use the data breach to find personal information, then change settings so that the computer is not working properly when the user comes to use it. At this point, it should be very clear that there are a number of different ways that malware can infiltrate a computer system to breach its security and compromise data. In the next section, we will look at how phishing and social engineering can be used to trick individuals into divulging their confidential information.
Phishing and Social Engineering
Phishing attacks generally exploit, and try to profit from, weaknesses in human judgment. They try to catch the user off guard in moments when the user's defenses are down. It is an attack where the attacker (or the "bad guy") pretends to be someone else with the intention of tricking the victim into revealing personal information or a trade secret. The key to this type of attack is trust.
For example, you might trust that the name that pops up on the screen when someone calls you with a video chat is the actual person you expect to talk to. You might trust that when you get an email from your bank asking you to update your information due to a new software update, the logo, colors, and style used in the email really are the bank's. These are social engineering attacks, exploiting the fact that the end target is a human. They can provoke emotion, curiosity, fear, or the desire to help, and those emotions can override rational or skeptical thinking.
Unlike other personally identifiable information, which is protected under FERPA, social security numbers are of particular significance for identity theft and can have far-reaching effects for years after the data breach. Since they are a primary means of identifying someone and are often used in conducting transactions, knowing someone's social security number can enable many forms of identity theft and fraud. Victims of Social Security number data breaches often suffer financial loss and other adverse life events and are typically required to purchase identity theft protection services or credit monitoring in the wake of the breach.
It was reported in January 2020 that W-2 form scams and business email compromise scams are emerging as prominent risks in the higher education sector. These scams overlap the characteristics of both phishing and social engineering: W-2 forms can be used in identity theft, and business email compromise is a form of large-scale monetary fraud typically committed over many months in the context of a larger company.
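The data loss prevention control described in the insider-threat section and the social security numbers this section singles out meet in a content-inspection rule. The following is an added example, not code from the article: a small DLP-style scanner that finds SSN-shaped tokens in outbound text, discards those that fall in ranges the Social Security Administration never assigns (area 000, 666 or 900-999, group 00, serial 0000), redacts the survivors and returns a block/allow decision. The message is constructed and the single-SSN `threshold` is an assumption.

```python
import re

# Candidate SSN-shaped tokens: 3-2-4 digits with optional dashes or spaces,
# not embedded inside a longer digit run.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")

def is_valid_ssn(area, group, serial):
    """Structural rules: area never 000, 666 or 900-999; group never 00;
    serial never 0000. Filters most random nine-digit runs."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0

def find_ssns(text):
    """Return SSN-looking matches that pass the structural rules."""
    return [m.group(0) for m in SSN_RE.finditer(text)
            if is_valid_ssn(*m.groups())]

def redact(text):
    """Mask matched SSNs down to the last four digits; leave other
    nine-digit tokens (invoice numbers, order ids) untouched."""
    def mask(m):
        if is_valid_ssn(*m.groups()):
            return "***-**-" + m.group(3)
        return m.group(0)
    return SSN_RE.sub(mask, text)

def dlp_decision(text, threshold=1):
    """'block' when the outbound content carries at least threshold SSNs."""
    return "block" if len(find_ssns(text)) >= threshold else "allow"

# Constructed outbound message (not real identifiers): one genuine-looking
# SSN among three decoys that fail the structural rules.
SAMPLE_MESSAGE = (
    "Attached W-2 data for payroll: employee 123-45-6789, "
    "order number 000-12-3456 and invoice 987654321 ref 666-01-0001."
)
```

The three decoys show why a bare `\d{3}-\d{2}-\d{4}` regex is not enough: the structural rules keep the invoice and order numbers out of the block count while still catching the real-looking value.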
Physical Security Breaches
Physical security breaches involve unauthorized access to physical locations where sensitive data is stored. This can occur through theft, unauthorized entry, or negligence in handling physical storage devices, such as hard drives or USBs. For instance, an individual may attempt to bypass security controls and gain access to a server room or an office space where servers, computers, or other storage devices are housed. Once inside, they might steal servers or hard drives, or tamper with existing hardware in a way that compromises the stored data.
Physical security breaches are particularly concerning because the misuse of hardware can be difficult to detect, and the subsequent investigation and recovery efforts can be time-consuming and costly. To help protect against these breaches, organizations should conduct regular risk assessments of all physical storage sites to identify and address vulnerabilities. Some commonly overlooked areas to consider include secure document storage, server rooms, and workspaces where sensitive data is accessed or handled.
In addition, all employees should receive training to identify and report suspicious persons or activities, and there should be a clear and effective process for escalating and responding to such reports. Lastly, robust access controls, such as swipe card systems, should be implemented to prevent unauthorized access, and surveillance technology, such as intrusion detection systems and security cameras, can be installed to provide continuous or periodic monitoring of high-risk areas.
Third-Party Data Breaches
Third-party data breaches involve the compromise of data handled by external entities. For example, in mid-2017, the world witnessed a huge third-party data breach. A well-known and widely used marketing and data aggregation firm, known as River City Media, was found to have exposed a database of 1.34 billion email accounts. The cause was a misconfigured database holding all of the firm's collected data, which left that wealth of data freely and easily accessible to anyone on the internet.
This was particularly catastrophic for anyone who had used the same email address for several different online services, since the breach could potentially allow hackers to gain access to other accounts held by victims. Third-party breaches can occur when a service provider or business associate is granted access to an organization's sensitive information. These breaches are extremely detrimental both to the individuals affected and to the business or organization associated with them.
It is vital for organizations to be vigilant in carefully selecting the third parties with whom they allow access to sensitive data. Also, organizations should ensure that proper due diligence is conducted and that all necessary provisions are within contracts and service-level agreements. Due responsibility is not only on the primary organization — third-party organizations must also ensure that they have stringent and comprehensive cyber and data security measures in place.
Robust mechanisms should be implemented to protect the data, and monitoring should be in place to ensure that breaches, or attempts to breach, are rapidly identified and responded to. Finally, whilst this kind of breach originates outside the main organization, all breaches, regardless of type or severity, require a comprehensive and methodical response and investigation. Organizations should ensure that protocols and response plans are regularly reviewed and exercised so that any breach, large or small, can be resolved quickly and effectively.