With the average cost of a data breach currently $4.35M and still growing, you’re striving to stay ahead of threat actors to protect your organization.
It begins with knowing as much as possible about the vulnerabilities and all the ways you can be breached to make the changes needed to maintain cybersecurity hygiene that works.
Here we’re taking a deep dive into the anatomy of a data breach and breaking it all down. The attack surface, vectors, and what causes a data breach.
What Is Your “Attack Surface”?
There are many ways a threat actor can use to gain access to a business network. Most cybersecurity professionals plot out the sum of the total points where attacks can occur and unauthorized users (threat actors) can possibly manipulate or extract data using a long list of data breach methods (Cyber Attack Vectors).
Consider all the devices and apps in your environment (infrastructure, endpoints, apps, IoT, and more) on one side. Then multiply all the different breach methods an attacker could use (phishing, social engineering, reused passwords, weak or default passwords, unpatched software, misconfiguration, etc) on the other.
The place where they converge is your attack surface, which is defined as: the number of all possible points, or attack vectors, that an unauthorized user or attacker can leverage to access a system and extract data.
Where can it all go wrong? That’s the question we’re all asking in an effort to prevent it from ever happening.
Common Attack Vectors
When cybercriminals attack a network, they employ a certain tactic or technique to leverage an opportunity. A “vector” by definition is a force with a direction, and that’s exactly what an attack vector is: the point of focus for attackers to gain entry. The TTPs (tactics, techniques, and procedures) we document are used to develop methods to mitigate attacks with a certain vector.
Typically, attack vectors target weaknesses in your security, environment, or in the people working at your organization.
Some of the attack vectors used by threat actors include:
- Stolen or Compromised Credentials
- Software Vulnerabilities as recorded in CVEs
- Weak Credentials
- Poor or Missing Encryption
- Phishing or Spear Phishing
- Trust Relationships
- Malicious Insider
The attack surface for many enterprises can be larger than imagined – all the assets times all the attack vectors add up to a very large area.
Cybersecurity attacks include some of the most well-known data breaches in recent times, such as the 2019 Capital One Attack, T-Mobile in 2021 (it has made the list a couple of times), and the Colonial Pipeline breach that brought ransomware much notoriety.
Each cybersecurity attack starts with an attack vector; after an attack, you walk it backward, piece by piece, to find where it all started.
What Causes a Data Breach?
Clearly a threat actor causes the breach, but which oversights in your security present the opportunity? Which vectors are the most successful?
Typically, phishing tops most lists. Beyond the vectors themselves, what are the leading causes of data breach?
- Human error: Most research shows that humans and human error are part of over 80% of data breaches. Very often, employees unknowingly expose private information.
Whether human error, such as weak passwords, failing to update software and install patches, or even leaving laptops and other personal devices unsecured, there are many ways human error can cause a data breach.
- Cyberattacks: Cyberattacks are still a major threat to large organizations, small businesses, and individuals. Attack vectors such as malware, phishing, and ransomware are some of the tactics cybercriminals use to launch an attack. The goal of any cybercriminal is to gain unauthorized access to a network and its private data.
Depending on the attack method will determine what vector the cybercriminal will use. In a phishing attack, an email may have malware embedded that, once installed, provides the access the threat actor needs to begin its work.
Ransomware attacks seek to steal and encrypt the victim’s data and then require a huge payment to get the decryption key.
- Vulnerabilities: Beyond human error and cyberattacks, sometimes the cause comes from the systems themselves. An excellent example is seen in the case of Akasa Air, an India-based airline. A technical problem let the private information of thousands of its customers get released.
Unpatched systems, or those that aren’t correctly configured, are leveraged by cybercriminals to gain unauthorized access to an organization’s network and its private data. Typically, attackers can do this without needing direct access to a system.
Preventing Data Breach
When a data breach occurs, it can lead to financial devastation and much more both for individuals and businesses. In addition to individuals and businesses, government entities can also be victims of a data breach, and these can lead to the loss of intelligence and sensitive national security information.
Besides, data breaches of businesses can result in long-term and critical impacts. Beyond the high costs related to the breach itself, there are residual financial business losses, damages to the business’s reputation, regulatory and legal consequences, competitive advantage losses, and disruption to the business overall.
All of these things combined are why businesses are looking at how to best prevent these attacks from happening at all. Some suggest a multi-layered approach that implements administrative, technical, and physical controls.
Additionally, training employees on data security is critical. A robust program should include the risks of data breaches, the importance of data security, and how to identify potential security threats. It should also provide staff with clear guidelines on using strong passwords, handling sensitive information using encryption, and avoiding phishing ploys.
While avoiding a data breach is an excellent goal, it is best to be prepared in case one happens. Having an incident response plan prepared that outlines all the steps that should be taken, how to notify those affected, best practices for containing the breach, and steps to restore data and systems.