Know your enemy – understanding the 7 different types of data breaches

Every day almost 7 million data records are compromised, with no organisation or sector immune. Organisations are facing a war on data breaches, so it’s imperative that ‘know your enemy’ becomes part of their battle tactics.

Data breaches come in various forms and sizes – not all incidents are caused by sophisticated cyber attacks. To help you understand what your organisation is facing, here’s a breakdown of some of the most common types of data breaches.

1. Employee negligence/error

Something as simple as including the wrong person in the Cc field of an email or attaching the wrong document to an email could cause a data breach. We’re all guilty of making mistakes – it’s human nature – but employees need to understand the most important elements of information security, and non-technical staff need to be made familiar with security awareness policies and procedures.

2. Cyber attack/criminal hacker

The ways in which cyber criminals try to gain access to your systems are becoming more sophisticated. Often it isn’t always obvious that an attack has taken place until significant damage has been done. Cyber attacks can come in various forms, including denial of service, malware and password attacks.

3. Unauthorised access

Access controls are designed to stop certain information from being seen by the wrong people. A breach of these controls means that someone has gained unauthorised access to sensitive data, such as bank details stored by HR, or potentially compromised business critical information.

4. Physical theft/exposure

Although there is a lot of emphasis on the digital aspects of a data breach, physical exposure or theft of data is an equally important threat that organisations must consider in their security plans. This type of data breach can be caused by improper disposal of sensitive information, or simply leaving a confidential document in plain sight.

5. Ransomware

Ransomware is a type of malicious program that demands payment after launching a cyber attack on a computer system. If the organisation fails to comply with the extortion, its essential data is destroyed, although there’s no guarantee that it will regain access to its data even after paying up.

6. Insider threat

Your employees know how your organisation operates, how vital information can be accessed and the measures in place to protect it, which is why you should put in place appropriate training and security protocols.

7. Phishing

Emails are a common part of our daily lives, making them a popular attack vector for cyber criminals. Crooks might adopt the seemingly legitimate credentials of such companies as insurers, banks, etc. to gain access to your personal information by encouraging you to click an unsafe link or download a malicious attachment.

Are you prepared for a data breach?

The war on data breaches is a reality for all organisations, and the list above highlights just a few of the threats that you need to prepare for.

Our new quiz will assess your breach readiness, provide you with a personalised report summarising your answers and make recommendations for improving your defence measures.

Take the quiz >>