6 Cybersecurity Threats That Lead to Business Breaches and Hacks
Over the past two decades, breaches and hacks in businesses have been continually on the rise, costing a cumulative hundreds of billions of dollars a year for organizations across the globe. While cybercriminals aren’t going to disappear any time soon, companies can stay a few steps ahead by being on the lookout for common data security threats.
We may not be able to predict hackers' exact next moves, but we do know the tactics they rely on to get company data. Here are the top threats to protect your business against in order to keep sensitive information secure.
The most common tactic used by hackers, phishing is effective because it exploits human curiosity, carelessness, and error. A tried and true hack, with attacks doubling in 2020, cybercriminals endlessly hone their techniques to deceive even the savviest employees.
Want more information about protecting your company from phishing scams? Get our free phishing e-book.
Malware threats make up nearly one-fifth of data breaches. And while this damaging software has become somewhat less prevalent in recent years, malware tools are still improving. The type of malware most commonly seen in breaches (about 40%) and continuing to increase, is password dumping, a tactic used to steal credentials.
Emotet, which started out as banking malware and grew to become one of the largest botnets, targeted 20% of organizations globally in 2020.
The magnitude of the threat of ransomware is on the rise. The new evolution of this type of malware not only paralyzes systems but also extracts data. Cybercriminals have turned to double extortion—threatening to leak the data (or actually doing it) to compel the victims to pay.
In 2020, researchers saw a surge of double-extortion ransomware attacks, a tactic that emerged in late 2019. Nearly 50% of ransomware attacks in Q3 2020 included threats to release exfiltrated data.
4. Compromised credentials
Compromised passwords create a self-perpetuating cycle. Cybercriminals often use stolen credentials to breach businesses—but they also breach businesses to steal passwords and then sell, lease, or give them away on the dark web. After phishing, use of stolen credentials is the most common action involved in data breaches.
Microsoft’s Office 365 software is a frequent target of phishing attacks whose aim is to harvest employee credentials. In 2019, Microsoft blocked a billion URLs set up for launching phishing credential attacks.
5. Data leaks
Tied closely to compromised credentials, data leaks can be the downfall of a company’s security. Anyone who has access to hacker forums and other dark web resources can find huge databases of credentials for free. One group alone, known as ShinyHunters, is responsible for openly sharing 47 databases containing more than 550 million credentials in 2020. In October and November 2020 alone, the black-hat hackers exposed more than a million unique email addresses belonging to S&P 100 companies; IT and cybersecurity companies; and government, education, and military agencies.
As employees frequently reuse passwords across platforms or use personal credentials for work, data leaks can be devastating for businesses even when their employees' personal data is compromised.
6. Insider threats
Whether acting maliciously or carelessly, insiders—both employees and contractors—contribute to a large number of security incidents. Containing the damage of an incident that stemmed from someone within the company can take an average of two months, and credential theft is the most expensive type of insider incident.
According to Risk Based Security’s year-end report in 2020, 18% of data breaches are due to insiders and 69% of insider-related breaches are due to employee mistakes, oversights, or errors.
Looking for more info?
Learn more about the simple, proactive steps you can take to combat these threats and help secure your company’s future. Check out our latest guide, A Business Guide to Breaches and Hacks, to get started.