A data breach happens when data is stolen or disclosed to an unauthorised third party. It carries severe consequences for organisations facing costly fines for compliance violations, litigation, and long-term brand damage. An organisation is a victim of a data breach when an attacker exploits a vulnerability, phishes, steals credentials, or is an insider threat.
What Type of Data Is at Risk?
Any data could be disclosed in a breach, but attackers want data with monetary value. Financial data is much more valuable than simple names and email addresses. Still, financial data combined with personal information could bank attackers millions of dollars with enough records in a breach.
An attacker targeting an organisation exfiltrates as much data as possible to grab the most valuable information. The type of data determines the monetary profit from a data breach. For example, stolen bank credentials with an account containing at least $2000 are worth $120 each, but stolen PayPal credentials for accounts with no balance are only worth $14 each. (Source: Dark Web Price Index 2021)
What Is Targeted in a Data Breach?
Customer information isn’t the only target for an attacker. Breached data can lead to more sophisticated attacks. For example, stolen credentials from a phishing campaign can lead to privileged authorised access to sensitive data.
Targets in a data breach include:
- Weak passwords: Even if passwords are encrypted, deprecated ciphers or passwords vulnerable to dictionary attacks can be used in future threats.
- Stolen credentials: Phishing, spear phishing, and whale phishing target users to steal credentials and other sensitive information.
- Compromised assets: Accessing credentials, deploying malware, or exploiting applications that provide unauthorised access can enable an attacker to silently exfiltrate data.
- Credit card fraud: Skimmers and phishing target users for their credit card information.
- Third-party credentials and access: Access via a third party such as a vendor or outside contractor is a strategy for attackers.
- Mobile devices: Endpoint security is more important than ever, as mobile devices can be a gateway to the local network and your data.
What are the Damages from a Data Breach?
Unlike other attacks, a data breach cannot be remediated with a simple patch and software update. It usually triggers efforts to add more cybersecurity infrastructure to the network, but even then, the damage is done. Incident response after a data breach involves immediate disaster recovery efforts such as incident response and containment, eradication, analysis of the root cause, determining the data disclosed, the customers affected, compliance concerns, and communication with customers affected.
The severity of a data breach depends on the focused target. While it can be devastating for individuals, data breaches can cost organisations millions and negatively impact revenue long-term. The three main entities affected by data breaches are:
- Businesses: An organisation that falls victim to a data breach could lose money in litigation and reparations, but the more considerable damage is in brand reputation. Target, Equifax, and Yahoo are well known for their data breaches, and it’s cost them millions in lost consumer trust and brand damage.
- Government: Military, government trade secrets, and undercover personnel are at risk if an attacker compromises government infrastructure.
- Individuals: For individuals, the most significant monetary risk is identity theft. Individual data could be sold on darknet markets or used immediately to open credit lines, purchase products, or create fraudulent accounts.
Types of Data Breaches
When you think of data breaches, you typically think of a hacker compromising a network and stealing data. However, data breaches can result from several different actions. Human error, for example, is one of the most significant factors in data breaches.
A few different types of data breaches:
- Credentials stored in source code: Developers make a common mistake by leaving credentials or access keys in code repositories. Attackers search public repositories on GitHub to find them.
- Exploited authentication or authorisation systems: Applications with vulnerabilities or any cybersecurity infrastructure with bugs could allow an attacker to gain unauthorised access.
- Eavesdropping: Unencrypted traffic across a network is vulnerable to interception and eavesdropping.
- Human error: Negligence or a disgruntled employee could purposely or accidentally disclose data by falling for phishing or social engineering.
- Hacking: Should an attacker gain access to user devices or compromise the internal infrastructure, malware can be installed to steal data.
- Insider threats: Current or terminated employees could purposely send data to a third party or steal it for their own financial gain.
- Physical threats: Organisations are vulnerable to data theft when local resources, user devices, work laptops, and other physical assets are stolen.
Malicious Methods Used in Data Breaches
Attackers use several methods to compromise networks and steal data. The malicious methods attackers use are the primary reasons cybersecurity infrastructure and strategies are necessary. These malicious strategies vary based on the attacker’s focus and goals.
A few popular malicious methods include:
- Phishing: Phishing has sub-strategies such as whale phishing and spear phishing. Many large data breach incidents started with a phishing email targeting employees and tricking them into divulging their credentials.
- Brute force: An organisation could be vulnerable to brute-force attacks when an attacker gains access to encrypted data or sends unlimited authentication attempts. These attacks are typically automated and can be detected with the proper cybersecurity infrastructure.
- Malware: This method contains an extensive collection of malicious applications, including ransomware, viruses, rootkits, trojans, spyware, keyloggers, and bots.
How Do Data Breaches Happen?
Because data breaches are so profitable, attackers seek out personally identifiable information (PII). Small organisations often think they are not a target, but they can be a bigger target than a large enterprise with an effective cybersecurity infrastructure. Small businesses should prioritise cybersecurity, or they could be the next victim of a large data breach.
Data breaches can happen from:
- System vulnerabilities: Out-of-date software is one primary mistake that allows attackers to exploit vulnerabilities and gain access to data.
- Weak user passwords: Passwords using common phrases, personal information, or weakly constructed passwords vulnerable to brute-force attacks could allow unauthorised access.
- Drive-by downloads: Users given unfettered access to the internet could accidentally install malware from visiting a malicious page with a vulnerable browser or operating system.
- Targeted malware: For targeted malware campaigns, an attacker uses email or social engineering to trick users into opening files with malicious code or downloading malware from a malicious website.
Data Breach Statistics
Cybersecurity incidents have been on the rise for years, but incidents skyrocketed after COVID-19 introduced at-home workforces. Organisations were forced to use remote workers for every aspect of business productivity, and this phenomenon led to an increase in data breaches. Users stored data on their personal devices, and organisations opened cloud resources and VPN-accessible internal infrastructure.
Many of the latest data breach statistics were due to the pandemic, but here are a few current statistics that made an impact on cybersecurity and businesses:
- The COVID-19 impact from remote workers increased data breach costs by $137,000 per incident.
- 76% of organisations indicated in an IBM survey that remote workers increased the amount of time needed to identify and contain a threat.
- Experts count 192,000 Coronavirus-related known attacks, and numbers continue to increase.
- Healthcare attacks targeting patient information rose 58%.
- Web application exploits and compromises have doubled since 2019 and accounted for 43% of attacks.
- Loans offered by the US government to help small businesses impacted 8000 of them from a data breach.
- Symantec estimates that 4800 websites are compromised every month from clickjacking.
- Verizon estimates that 71% of data breaches are financially motivated.
- In 2019, 36% of data breaches were from organised cyber-criminals.
- It takes an average of 80 days to contain a threat.
- Healthcare organisations struggled the most with threat containment and took an average of 329 days to contain.
- Microsoft Office maintains 48% of malicious file attachments.
- The average cost of a data breach globally is $3.86 million.
- The health care industry pays the highest costs after a data breach at $7.13 million per incident.
- Most costs incurred from a data breach happen a year after the incident.
- A customer service employee for a financial institute has access to 11 million records, making them a risk for social engineering and phishing.
- 80% of breaches involve brute-force password attacks or stolen credentials.
- In 2020, distributed denial-of-service (DDoS) attacks increased more than 278%.
Cost of a Data Breach
The cost of a data breach rose significantly in the last year, mainly due to an increase in an at-home workforce. In 2015, the cost of a data breach on average was $3.8 million. Today, the cost of a data breach is $14.8 million.
Proofpoint researched costs associated with a data breach and found that long-term collateral costs may persist after initial costs. The loss in productivity from incident response staff and other employees due to downtime translated to an estimated 63,343 hours wasted to deal with a data breach.
Email is a common vector in attacks, and a compromise costs large businesses $6 million annually. Some attacks use email and social engineering to trick employees into paying an estimated $1.17 million in fraudulent invoices and money transfers.
Ransomware continues to evolve and can cripple an organisation. Many of these attacks start from email messages. Some organisations pay the ransom, but only $790,000 of the annual $5.66 million spent is from paying the ransom.
The average cost for organisations to resolve a data breach is $807,506, a dramatic increase from 2015’s $338,098. Credential theft via phishing accounts for many of these costs. Overall, malware and data exfiltration cost an estimated $137 million.
The Biggest Recent Data Breaches
Cyber incidents happen every day, but some stand out more than others. Data breaches involving millions of records have the most significant impact on consumers and the targeted business.
Here are a few of the latest large data breaches:
- Due to cloud storage misconfigurations, a travel booking website disclosed 10 million records containing hotel guest information, including national ID numbers, credit card information, full names, and email addresses.
- An enterprise entertainment and technology organisation mistakenly uploaded 5GB of data, disclosing 1.4 million staff and user information after an OAuth exploit.
- 7.4 billion records for a newspaper in France were disclosed containing staff and subscriber data after exfiltration from a trusted vendor’s cloud storage server.
How to Prevent a Data Breach?
Accounting for every threat, including human error, is a full-time job and difficult for small businesses, but organisations can follow specific standards and use common strategies to stop attacks. It only takes one weak link to lead to a data breach, so strategies should strengthen every aspect of the organisation, including staff cybersecurity training and education.
A few best practices for data protection against breaches include:
- Always install the latest version of the software, especially security patches.
- Use cryptographically secure encryption for network traffic and storage.
- Upgrade devices with the latest operating system updates.
- Enforce policies if users are allowed to bring their own devices.
- Use password policies to enforce password length and complexity.
- Educate employees on the warning signs for phishing, social engineering, and other attacks.
How Does Cyber Insurance Help?
Cyber insurance helps offset costs by covering monetary damages after an incident such as a virus or denial-of-service (DoS). Even with the best cybersecurity infrastructure in place, organisations will never be 100% risk-free. Cybersecurity insurance will help pay for the costs after an incident, especially when the organisation is liable for lost data. For example, healthcare organisations can incur hefty fines for losing personally identifiable information (PII).
Insurance contracts differ between insurers, so organisations must read the terms before signing. For example, an insurer might require that the organisation is compliant and has specific cybersecurity infrastructure installed to stay insured.
How Proofpoint Can Help
Proofpoint offers numerous cybersecurity strategies and plans that fit your organisation’s unique requirements. Whether it’s to stay up to date with the latest compliance requirements or to host employee security awareness training, Proofpoint ensures that your data is protected from malware, attackers, corporate espionage, ransomware, phishing, and the many risks associated with digital assets.