Hackers are causing headaches for individuals, businesses, and governments by accessing and exposing sensitive information. This includes credit card details, healthcare history, trade secrets, and more.
Recent developments are making the problem worse. Things like the shift toward remote working and “smart,” hyper-connected products in the home have only increased the opportunities for sensitive data to slip through the cracks.
How can you protect yourself from this kind of malicious behaviour? In this article, we’re going to get to grips with the true meaning of a data breach, look at the most common types, and provide some real-world examples.
Put simply, a data breach is the exposure of personal, sensitive, or protected information to an unauthorized person. While the consequences of a data breach will vary depending on the intentions of those who have stolen the information (the vast majority are financially motivated), the process almost always occurs over the following four steps:
● Initial contact: Hackers will first test your defenses, passwords, and software for weaknesses and out-of-date security features.
● First attack: If weaknesses can be exploited, they’ll launch a small, localized attack to test defenses further. This is usually something fairly basic such as an email to trick people into clicking on a malicious link.
● Expanded attack: Having successfully found a way into the network, hackers can now attempt to locate and harvest as much valuable information as possible.
● Data lift: This can happen over different timescales, depending on the hacker’s intentions. They can either download a large tranche of data in one quick hit or wait undetected in the background while siphoning off new data as it appears.
Malware or viruses are the classic types of data breach and can come in a variety of forms, including Trojans and worms. They intend to wipe a computer of data or gain access to passwords. Besides, malware spreads quickly by disguising itself as a legitimate tool or website and replicating from computer to computer.
You might have heard of Emotet, also known as the “King of Malware,” which infected 450 computers at the Fürstenfeldbruck hospital in Germany in 2018. Emotet mainly targets banking and health institutions and has been identified as the most destructive malware by the US Department of Homeland and Security.
Ransomware is usually targeted at businesses or institutions that require company-specific files to operate. Their data is taken and locked away from use until a ransom is paid to access it again.
Many companies worldwide were attacked by ransomware known as WannaCry in 2017. It infected 7000 computers in the first hour. As a result, industrial giants such as Renault and Honda lost control over their manufacturing processes, while attackers demanded Bitcoin as payment.
Phishing relies on fake “mirror” websites, emails, and other forms that ask you to confirm your password and other private details. This can be someone pretending to be your bank, an urgent delivery, or even those social media posts encouraging users to share the name of their first pet or their favourite place to go on holiday.
Sony Pictures was the victim of the major phishing attack in 2014 when emails claiming to be from Apple targeted their employees, including the CEO. With their login credentials captured, the hackers accessed massive amounts of company data, including private correspondences and details about unreleased films. The attack cost the company an estimated $80 million.
These “brute force” attacks involve simple guessing of insecure passwords. Attackers use special programs that try multiple passwords to access a user’s data, taking clues from phishing scams mentioned above.
Passwords can also be found using keylogging software which can record the keystrokes you make on your computer. Unsecured personal or work computers can have the software installed, making it easy to use personal data such as credit card and banking information for identity theft.
Data breaches are extremely damaging and expensive, so it’s crucial to get into the habit of good digital hygiene. Always keep your computers and network secured, choose strong passwords, don’t click on unknown and suspicious links, and consider using a proxy where possible.