Data breaches have become so commonplace that it may seem like a match you’ve lost before you even enter the ring. Zero day attacks, in particular, are a daunting prospect. These breaches can crop up seemingly out of nowhere and take organizations completely off-guard and completely offline, forcing them into paying steep ransoms to bad actors or dealing with the aftermath of data loss.
While we’re seeing more data breaches than in years past, being proactive can make an enormous difference. Head-in-sand is not the optimal position for any modern organization with a network-based infrastructure. Education about the nature of modern data breaches is a great place to start.
Common Types of Data Breaches in 2021
Data breaches that originate when hackers break into a network and steal away important data tend to make headlines more often than many of the common approaches bad actors take to gain access. A comprehensive cybersecurity approach must include employee education and an organizational awareness of the primary ways network data is commonly breached.
Hackers can use various mechanisms to acquire passwords, including software that allows them to “guess” passwords. This tactic often works because users have chosen poor or easily cracked passwords. Hackers also get passwords by buying databases of stolen passwords. Since many users choose the same passwords for multiple systems and accounts, this approach can lead to big wins for bad actors.
Hackers launch these zero-day (no warning) attacks by injecting malicious software into vulnerable programmable devices, services, or networks. This tactic is not as simple as some of the other options available to hackers, but the rewards can be well worth the effort. Palo Alto Networks estimates that ransomware payouts cost affected organizations an average of $312,493 in 2020.
Phishing can yield tremendous payouts for bad actors. Here, the purpose is to gather personal information and login credentials through targeted attacks. Bad actors can get very creative with phishing, even going as far as splicing together voicemails to create recordings impersonating senior executives, who direct employees to release funds or data directly into the hands of cyber criminals.
Other Data Breach Types
Other, less common data breach types present potential issues for organizations, as well. You might hear about:
- Eavesdrop or “sniffing” attacks, which take advantage of unsecure network communications connections, intercepting data as it’s transmitted
- Cross-site scripting (XSS) attacks, where a hacker executes malicious code in a target’s web browser, often through web applications.
- Man-in-the-middle attacks, which involve redirecting network traffic, spying on victims, or sabotaging communication after breaching a system with stolen login credentials.
Ten Statistics that Highlight the State of Data Breaches in 2021
These ten statistics, compiled by Varonis, paint a clear picture of the increasing risks associated with enterprise data breaches. These attacks are costly, increasingly sophisticated, and often, involve methods easily overlooked by traditional cybersecurity products.
- Attackers will increasingly target technically advanced and biometric security features like touch ID sensors, facial recognition and passcodes (Experian).
- Industry analysts predict that we’ll see an enterprise-wide attack on a national network of a major financial institution in the coming few years (Experian).
- Symantec reports that for the first time since 2013, ransomware declined 20% overall, but increased by 12% for enterprises (Symantec).
- We can expect a cloud vendor to suffer a breach that compromises the sensitive information of hundreds of Fortune 1000 companies (Experian).
- One prominent example of the increasing scope of data breaches is the 2019 attack on Facebook, when 540 million user records via the Amazon Cloud Service (CBS).
- In its annual report, IBM estimates the global average cost of a data breach in 2021 at $3.86 million (IBM).
- Varonis reports that 62% of breaches occurring in 2020 that did not center on error, misuse, or physical action involved stolen credentials, brute force, or phishing (Varonis).
- Nearly 5,000 websites every month are breached by hackers using form-jacking code (Symantec).
- Verizon estimates that more than a third of data breaches reported in 2018 involved internal actors (Verizon).
- A study conducted by IBM reveals that the average time to identify a data breach in 2020 was more than seven months (228 days) (IBM).
MixMode gives enterprises the edge when it comes to modern data hacking approaches. The platform establishes a baseline of network behavior and develops a context-aware protocol for identifying anomalous behavior — a significant improvement over legacy, rule-based cybersecurity approaches that are only ever as current as their most recent manual update. Learn more about how MixMode can significantly improve your network security posture, and set up a demo today.