A data breach occurs when a threat actor gains unauthorized access to protected data, usually as part of a cybersecurity attack. After gaining access, a threat actor may steal the data, disclose it, or use it to extort the data owner.
A data breach can occur in any organization, including small businesses and enterprises. It may affect various types of confidential information, such as trade secrets, personal health information (PHI), and personally identifiable information (PII).
Organizations handling and storing personal data are responsible for protecting it. If threat actors gain unauthorized access to this data and view or steal it, the organization is held accountable by laws and regulations governing data protection. The negative consequences of a data breach can include business disruption, fines, reputation loss, and legal exposure.
According to the IBM Cost of Data Breach report, the average cost of a data breach in the US is $4.24 million. Many organizations suffer from the surge in cybercrime, especially from the growth in ransomware attacks.
The actual cost extends beyond the immediate business disruption and technical remediation burden. Additional factors that push up costs include legal penalties, lower productivity, and reputational damage. Organizations may lose customers and investors after a breach, and regulatory bodies may require them to pay hefty fines.
The cost of data breaches is at a record high and will likely continue to rise. The impact of a data breach is especially significant in the healthcare sector, where patient confidentiality is an obligation. Across industries, the largest single factor contributing to the cost of a data breach is the revenue lost through lower customer retention and acquisition.
During an attack, systems cannot process data or provide services to customers, resulting in business losses until the organization can repair them. Time is also an important factor: the longer a vulnerability goes undiscovered and unaddressed, the more damage it causes, because attackers have more time to exfiltrate data.
Here are examples of recent, highly publicized data breaches:
Compromised passwords are a common cause of data breaches. Many users rely on common phrases for passwords, or reuse passwords between different accounts. Attackers can easily compromise these passwords, and once they obtain one, they gain access to multiple accounts owned by the same user.
Organizations must enforce strong password policies and require multi-factor authentication for all sensitive systems and data. Many organizations are transitioning to passwordless authentication, which eliminates the serious security risks associated with weak passwords.
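One way to turn the "strong password policy" above into an enforceable check is to reject passwords that are short, contain the username, or already appear in a breached-password list, using the prefix-only (k-anonymity) lookup style that breached-password range services use so the cleartext never leaves the client. The following is an added example written for this article, not code from the page or from HackerOne; the breached-password list is a constructed stand-in for a real corpus, and the policy thresholds are assumptions.

```python
import hashlib

# Constructed stand-in for a breached-password corpus (a real deployment would
# use a published list or a range-query service; these values are made up here).
BREACHED_PASSWORDS = ["password", "123456", "qwerty", "letmein", "Password1!"]


def sha1_upper(password):
    """Uppercase hex SHA-1, the form breached-password range services key on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Index breached hashes as prefix -> {suffix: count}.

    The 5-character prefix is the only thing a client would send to a remote
    service (k-anonymity); the suffix comparison happens on the client side.
    """
    index = {}
    for pw in passwords:
        digest = sha1_upper(pw)
        prefix, suffix = digest[:5], digest[5:]
        bucket = index.setdefault(prefix, {})
        bucket[suffix] = bucket.get(suffix, 0) + 1
    return index


RANGE_INDEX = build_range_index(BREACHED_PASSWORDS)


def breach_count(password, index=RANGE_INDEX):
    """How many times the password appears in the breached set (0 = not found)."""
    digest = sha1_upper(password)
    return index.get(digest[:5], {}).get(digest[5:], 0)


def check_password_policy(password, username=None, min_length=12, index=RANGE_INDEX):
    """Return the list of policy violations; an empty list means the password is accepted.

    Deliberately no composition quotas (uppercase/symbol counts): minimum length
    plus a breached-password check addresses the common-phrase and reuse problem
    without pushing users toward predictable substitutions.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    if breach_count(password, index) > 0:
        problems.append("appears in a breached-password list")
    return problems


if __name__ == "__main__":
    for pw in ["password", "alice_secret_2024", "correct horse battery staple"]:
        print(pw, "->", check_password_policy(pw, username="alice") or "OK")
```

Because the index is keyed by hash prefix, the same `breach_count` logic works unchanged against a remote range service: the client sends only the 5-character prefix, receives every suffix in that bucket, and completes the match locally.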
At some point, most software products will experience a security vulnerability that exposes them to cyber attacks. Software vendors regularly discover vulnerabilities, or are informed about them by security researchers, and attempt to remediate them before criminals can exploit them.
Whenever a vulnerability is fixed, the software vendor releases a patch or new version. This patch must be applied as soon as possible by all organizations using the software, as well as their employees and third-party vendors, because attackers will actively seek users who have not yet applied the patch.
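The patching advice above only works if an organization can tell which installed versions still predate the fix. The following is an added example for this article, not code from the page or from HackerOne: it compares a constructed software inventory against a constructed table of fixed-in versions (product names and version numbers are placeholders, not real advisories) and shows why versions must be compared numerically, since string comparison would rank 2.9 above 2.10.

```python
# Constructed fixed-version table: product -> first version that carries the fix.
# Placeholder names and numbers; a real table comes from vendor advisories.
FIXED_IN = {"examplehttpd": "2.4.51", "examplelib": "1.10.0"}

# Constructed asset inventory (host, product, installed version).
INVENTORY = [
    {"host": "web-01", "product": "examplehttpd", "version": "2.4.49"},
    {"host": "web-02", "product": "examplehttpd", "version": "v2.4.51"},
    {"host": "app-01", "product": "examplelib", "version": "1.9.7"},
    {"host": "app-02", "product": "examplelib", "version": "1.10.2"},
    {"host": "db-01", "product": "exampledb", "version": "5.0"},  # no known fix pending
]


def parse_version(version):
    """Turn '2.4.49' or 'v1.10' into a tuple of ints so that (1, 10) > (1, 9).

    Comparing the raw strings would get this wrong ('1.10' < '1.9'). Pre-release
    tags such as '-rc1' are out of scope here and raise rather than mis-sort.
    """
    parts = version.lstrip("vV").split(".")
    try:
        return tuple(int(p) for p in parts)
    except ValueError:
        raise ValueError(f"unsupported version string: {version!r}") from None


def is_vulnerable(installed, fixed_in):
    """True when the installed version is older than the version carrying the fix."""
    return parse_version(installed) < parse_version(fixed_in)


def unpatched_hosts(inventory=INVENTORY, fixed_in=FIXED_IN):
    """List (host, product, installed, required) for every asset still behind a fix."""
    findings = []
    for item in inventory:
        required = fixed_in.get(item["product"])
        if required and is_vulnerable(item["version"], required):
            findings.append((item["host"], item["product"], item["version"], required))
    return findings


if __name__ == "__main__":
    for host, product, installed, required in unpatched_hosts():
        print(f"{host}: {product} {installed} needs upgrade to {required}")
```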
Many employees have access to sensitive information, and there is always the possibility that one of them will try to misuse it. Malicious insiders can have different motives, including financial gain, emotional challenges, or a desire for revenge.
Insider threats are extremely difficult to detect using traditional security techniques, because malicious insiders have legitimate access to corporate systems. However, new security technologies such as behavioral analysis make it possible to identify suspicious behavior by existing user accounts, which may indicate an insider threat.
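The behavioral analysis mentioned above comes down to building a per-user baseline of normal activity and alerting on departures from it. The following is an added example for this article, not code from the page or from HackerOne: over a constructed access log (timestamp, user, records retrieved per session) it computes each user's baseline from earlier days, then flags sessions on the evaluation day whose volume is far above that user's norm, that fall outside working hours, or that come from a user with no history at all. The z-score threshold and working-hour window are assumptions.

```python
from collections import defaultdict
from datetime import date, datetime
from statistics import mean, pstdev

# Constructed access log (not from any real system): ISO timestamp, user,
# number of customer records retrieved in that session.
ACCESS_LOG = """\
2024-03-04T09:12:00 alice 40
2024-03-05T10:03:00 alice 55
2024-03-06T11:47:00 alice 48
2024-03-07T09:30:00 alice 52
2024-03-08T02:15:00 alice 1900
2024-03-04T14:00:00 bob 300
2024-03-05T15:20:00 bob 280
2024-03-06T13:10:00 bob 320
2024-03-07T14:45:00 bob 310
2024-03-08T15:00:00 bob 295
2024-03-08T16:30:00 carol 20
"""


def parse_log(text):
    """Parse 'timestamp user count' lines into (datetime, user, int) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, user, count = line.split()
        events.append((datetime.fromisoformat(ts), user, int(count)))
    return events


def build_baselines(events, cutoff):
    """Per-user (mean, population stdev) of session volume from events before cutoff.

    Keeping the evaluation day out of the baseline stops a single huge session
    from inflating the very statistics meant to flag it.
    """
    history = defaultdict(list)
    for ts, user, count in events:
        if ts.date() < cutoff:
            history[user].append(count)
    return {user: (mean(c), pstdev(c)) for user, c in history.items()}


def score_events(events, baselines, day, z_threshold=3.0, work_hours=(7, 19)):
    """Return alerts for sessions on `day` that depart from the user's own norm."""
    alerts = []
    for ts, user, count in events:
        if ts.date() != day:
            continue
        reasons = []
        if user not in baselines:
            reasons.append("no_baseline")  # unseen account: cannot vouch for it
        else:
            avg, sd = baselines[user]
            z = (count - avg) / max(sd, 1.0)  # floor avoids divide-by-zero on flat histories
            if z > z_threshold:
                reasons.append(f"volume z={z:.1f}")
        if not (work_hours[0] <= ts.hour < work_hours[1]):
            reasons.append("off_hours")
        if reasons:
            alerts.append({"user": user, "time": ts.isoformat(), "records": count, "reasons": reasons})
    return alerts


def detect(text=ACCESS_LOG, day=date(2024, 3, 8)):
    """Baseline on days before `day`, then score that day's sessions."""
    events = parse_log(text)
    return score_events(events, build_baselines(events, day), day)


if __name__ == "__main__":
    for alert in detect():
        print(alert)
```

Bob's 295-record session is large in absolute terms but ordinary for him, so it produces no alert; Alice's 1,900 records at 02:15 is flagged on both volume and timing. Comparing each account against its own history, rather than against a global threshold, is what lets this kind of check surface legitimate-but-unusual use of valid credentials.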
Malware is malicious software that attackers attempt to deploy on a target system, usually via social engineering (tricking users into clicking malicious links or attachments) or by exploiting software vulnerabilities. Malware can compromise credentials or steal data from a victim’s device, encrypt and destroy files on the device, or do other types of damage. Many types of malware can spread rapidly to infect an entire network or environment.
Social engineering is an attempt by an external attacker to trick users into divulging sensitive information or performing actions that violate security policies. The vast majority of cyber attacks leverage social engineering, because users are typically the weakest link in an organization’s cybersecurity defenses. Social engineering techniques include phishing, baiting, pretexting, and scareware.
Organizations should regularly assess their systems to identify vulnerabilities and associated risks. These assessments help determine if the established security policies require updates, strengthening the overall security strategy.
When implementing an Identity and Access Management (IAM) system, organizations should apply the principle of least privilege to ensure that each user only has the necessary access permissions. Maintaining least privilege access can be complicated, especially if the organization has many users with constantly changing roles. However, this security control is essential for ensuring that malicious actors (internal or external) cannot access sensitive data.
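Keeping to least privilege in practice means periodically comparing what a policy grants against what the principal actually uses, and removing the difference. The following is an added example for this article, not code from the page or from HackerOne: it audits a constructed policy written in a simplified, made-up Allow/Action/Resource shape (the action names and resource path are placeholders, not any vendor's real identifiers), reports wildcard grants and unused explicit grants, and rewrites the policy down to the actions observed in use.

```python
import json
from fnmatch import fnmatchcase

# Constructed policy in a simplified, made-up Allow/Action/Resource shape.
POLICY = json.loads("""
{
  "Statement": [
    {"Effect": "Allow",
     "Action": ["storage:GetObject", "storage:PutObject", "storage:DeleteObject"],
     "Resource": "bucket:reports/*"},
    {"Effect": "Allow", "Action": "*", "Resource": "*"}
  ]
}
""")

# Constructed summary of the actions this principal actually invoked during the review window.
USED_ACTIONS = {"storage:GetObject"}


def _as_list(value):
    """Policies allow a single string or a list in Action/Resource; normalize to a list."""
    return [value] if isinstance(value, str) else list(value)


def audit_policy(policy):
    """Flag Allow statements that grant every action or apply to every resource."""
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((i, "wildcard action"))
        if "*" in resources:
            findings.append((i, "wildcard resource"))
    return findings


def unused_grants(policy, used_actions):
    """Explicitly granted actions never observed in use: first candidates for removal."""
    granted = set()
    for st in policy["Statement"]:
        if st.get("Effect") == "Allow":
            granted.update(a for a in _as_list(st.get("Action", [])) if "*" not in a)
    return granted - set(used_actions)


def minimize_policy(policy, used_actions):
    """Rewrite each Allow statement to grant only the used actions it currently covers.

    Wildcards are replaced by the concrete used actions they matched, and
    statements left with nothing to grant are dropped. Resources are left as-is,
    so a remaining wildcard resource still shows up in a follow-up audit.
    """
    statements = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            statements.append(st)
            continue
        patterns = _as_list(st.get("Action", []))
        keep = sorted(a for a in used_actions if any(fnmatchcase(a, p) for p in patterns))
        if keep:
            statements.append({**st, "Action": keep})
    return {**policy, "Statement": statements}


if __name__ == "__main__":
    print("findings:", audit_policy(POLICY))
    print("unused:", sorted(unused_grants(POLICY, USED_ACTIONS)))
    print(json.dumps(minimize_policy(POLICY, USED_ACTIONS), indent=2))
```

Running the audit again on the minimized policy still reports the wildcard resource on the second statement, which is the point: narrowing actions to observed use is one step, and scoping resources is a separate decision that needs the owner's input rather than an automatic rewrite.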
Organizations should regularly back up their data and establish a recovery plan to restore their data after a breach. A backup and recovery plan helps ensure a faster response to minimize damage and prevent downtime. Administrators should regularly review the risk management, backup, and recovery policies to prevent attackers or ransomware from accessing backup data.
Penetration tests are simulated attacks that allow ethical hackers to identify vulnerabilities in computer systems, networks, or applications. Organizations may use third-party or in-house penetration testers to mimic an attacker’s techniques and determine how easily they can hack the system.
Penetration tests are also useful for evaluating compliance with security regulations. Organizations use regular pentesting to identify vulnerabilities proactively before an attacker can exploit them.
The HackerOne continual security testing platform combined with the power of ethical hackers prevents data breaches by finding and fixing application flaws before cybercriminals do.
The hacker community surveils an organization's attack surface, looking for the vulnerabilities that are most likely to be exploited. With their experience, creativity, and tenacity they often find vulnerabilities that scanners miss. Hackers recognize the risk context and severity of misconfigurations that can lead to damaging and costly data breaches.
Even in organizations with large internal security teams and mature vulnerability management processes, hackers routinely find and fix a significant number of critical vulnerabilities, assuring that unintended flaws don’t become open doors for bad actors.