What’s the difference between whales and data?
When you see a whale breach, you stare in awe.
When you see a data breach, you stare in shock.
No one ever wants to feel that heart-stopping sensation that comes along with the realization that your data has been breached. But if you do end up in that situation, it behooves you to figure out - as quickly as possible - which of the types of data breaches your breach falls into.
Identifying the type of data breach will help you move toward effective mitigation rapidly.
But unlike types of whales, which fall neatly into the “baleen whales” and “toothed whales” categories, there are multiple ways to divide data breaches into types. So how do you categorize types of data breaches?
This post covers several different ways to categorize data breaches, then homes in on the one that is usually the most effective in practice.
Ways to categorize types of data breaches
Three of the main ways to define types of data breaches are:
- By cause of breach
- By kind of data compromised
- By impact on the data
Let’s go through those one by one.
Types of data breach by cause
How did the data breach happen? What methodology did the attacker use? Who or what was the weak link?
If you’re defining breaches by their cause, types of data breaches include:
- Hacking/IT Incident: a breach caused by unauthorized access to systems and data through technical means, such as exploiting software vulnerabilities or causing the installation of malware
- Insider Threat: a data breach caused by individuals who have legitimate access to the organization’s data systems, like employees, contractors or partners. This insider threat can stem from intentional malice, negligence or ignorance (see Human Error below).
- Physical Theft/Loss: a data breach caused by the theft or loss of physical devices containing sensitive data, such as laptops, USB drives, or printed documents.
- Human Error: data exposure caused by mistakes made by employees or contractors, such as misconfiguring databases, sending information/access to the wrong recipient or improper disposal of records.
- Social Engineering: a data breach caused by manipulating individuals into disclosing sensitive information through tactics like phishing, pretexting or baiting.
Types of data breach by kind of data compromised
What data did the attackers access in the breach? Not all sensitive data is created equal. The exposure of different types of data will have different consequences and necessitate different responses.
If you’re defining breaches by the kind of data affected, types of data breaches include:
- Personally Identifiable Information (PII): data that can be used to identify an individual, such as names, addresses, social security numbers and dates of birth.
- Financial Information: data related to financial transactions, bank account details, credit card numbers and payment information.
- Health Information: medical records, health insurance information and other data protected under regulations like HIPAA.
- Intellectual Property: proprietary business information, trade secrets, patents and copyrighted materials.
- Credentials: usernames, passwords, and other authentication details. This kind of breach is especially dangerous because it can quickly lead to follow-on attacks where attackers use the compromised credentials to gain access to other systems.
Types of data breach by impact on data
What did the data breach actually DO to the data? What will you be dealing with the next time you log into your data systems?
If you’re defining breaches by impact, types of data breaches include:
- Confidentiality breach
- Integrity breach
- Availability breach
Categorizing data breaches by their impact on the data is immediately and practically relevant. It lets you know what you will see in your data systems and the type of mitigation or remediation required to ensure business continuity. So let’s go into each one of those “impact” types of data breaches in more detail. (And we’ve included a handy table to summarize everything at the end.)
Confidentiality Breach
A confidentiality breach is when sensitive data is exposed to unauthorized parties.
Intentional confidentiality breaches may manifest as:
- Exfiltration/bulk data theft: when large volumes of data are copied and removed from the organization’s systems.
- Selective data theft: when specific targeted data, such as intellectual property or financial records, is stolen.
In SaaS systems, confidentiality breaches are particularly easy to cause inadvertently, just by sharing sensitive data assets with too wide an audience. In addition, the adoption of generative AI increases the chances that over-sharing data assets will lead to a confidentiality breach.
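One way to check for the over-sharing described above is to compare each asset's sharing audience with the widest audience its sensitivity label allows. The following is an added example, not part of the original post; the audience scopes, labels, policy and sample share records are all hypothetical and constructed for illustration.

```python
# Audience scopes ordered from narrowest to widest (hypothetical names).
AUDIENCE_RANK = {"owner_only": 0, "named_users": 1, "team": 2,
                 "whole_org": 3, "external_domain": 4, "anyone_with_link": 5}

# Widest audience each sensitivity label may reach (assumed policy).
MAX_AUDIENCE = {"public": "anyone_with_link", "internal": "whole_org",
                "confidential": "team", "restricted": "named_users"}


def audience_rank(audience):
    """Unknown audience values are treated as the widest scope (fail closed)."""
    return AUDIENCE_RANK.get(audience, len(AUDIENCE_RANK))


def find_overshared(shares, policy=MAX_AUDIENCE):
    """Return shares whose audience is wider than their label allows,
    widest exposure first."""
    findings = []
    for share in shares:
        # Unlabelled or unrecognised labels get the strictest limit.
        label = share.get("label") or "restricted"
        limit = policy.get(label, "named_users")
        if audience_rank(share["audience"]) > audience_rank(limit):
            findings.append({"asset": share["asset"], "label": label,
                             "audience": share["audience"], "allowed": limit})
    findings.sort(key=lambda f: -audience_rank(f["audience"]))
    return findings


# Constructed sample export of sharing settings from a SaaS file store.
SHARES = [
    {"asset": "q3-board-deck.pptx", "label": "confidential", "audience": "whole_org"},
    {"asset": "press-kit.zip", "label": "public", "audience": "anyone_with_link"},
    {"asset": "payroll-2024.xlsx", "label": "restricted", "audience": "anyone_with_link"},
    {"asset": "untitled-export.csv", "label": None, "audience": "team"},
    {"asset": "eng-handbook.md", "label": "internal", "audience": "whole_org"},
]

if __name__ == "__main__":
    for finding in find_overshared(SHARES):
        print(f'{finding["asset"]}: {finding["label"]} shared with '
              f'{finding["audience"]} (allowed: {finding["allowed"]})')
```

Running the audit on a schedule, rather than once, catches assets that were shared correctly at creation and widened later.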
The consequences of data confidentiality breaches, whether intentional or unintentional, can include:
- Violation of industry regulations (such as HIPAA, GDPR, etc.) and the legal and financial consequences that accompany such violations
- Loss of strategic advantage
If this data is not only copied or recorded elsewhere, but is also removed from the organization’s systems, then you have a data integrity breach in addition to your confidentiality breach.
Integrity Breach
An integrity breach is the unauthorized alteration or destruction of data.
Intentional integrity breaches may manifest as:
- Unauthorized changes: when data assets are altered without authorization, impacting their accuracy and reliability.
- Data fabrication: when false data is injected into your system.
- Data deletion: when data is simply removed from your systems.
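The three manifestations above can be told apart by comparing current records against fingerprints taken while the data was known-good. This is an added example, not part of the original post; the record format, the authorized_ids change-log input and the sample invoices are assumptions constructed for illustration.

```python
import hashlib
import json


def fingerprint(record):
    """SHA-256 over the record's canonical JSON form (key order ignored)."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_baseline(records):
    """Map record id -> fingerprint, captured while the data is known-good."""
    return {rid: fingerprint(rec) for rid, rec in records.items()}


def classify_integrity_changes(baseline, current, authorized_ids=frozenset()):
    """Sort every difference from the baseline into the three manifestations.

    authorized_ids: record ids with an approved change (assumed to come from
    a change log); differences on those ids are not reported.
    """
    findings = {"unauthorized_change": [], "data_fabrication": [], "data_deletion": []}
    for rid in sorted(set(baseline) | set(current)):
        if rid in authorized_ids:
            continue
        if rid not in current:
            findings["data_deletion"].append(rid)        # record removed
        elif rid not in baseline:
            findings["data_fabrication"].append(rid)     # record injected
        elif fingerprint(current[rid]) != baseline[rid]:
            findings["unauthorized_change"].append(rid)  # record altered
    return findings


# Constructed sample data: invoices before and after a hypothetical incident.
KNOWN_GOOD = {
    "inv-1001": {"customer": "Acme", "amount": 1200},
    "inv-1002": {"customer": "Globex", "amount": 450},
    "inv-1003": {"customer": "Initech", "amount": 980},
}
AFTER_INCIDENT = {
    "inv-1001": {"customer": "Acme", "amount": 12},          # altered
    "inv-1002": {"amount": 450, "customer": "Globex"},       # same data, new key order
    "inv-1004": {"customer": "Umbrella", "amount": 99999},   # not in baseline
    "inv-1005": {"customer": "Hooli", "amount": 300},        # approved new invoice
}

if __name__ == "__main__":
    report = classify_integrity_changes(
        build_baseline(KNOWN_GOOD), AFTER_INCIDENT, authorized_ids={"inv-1005"})
    for kind, ids in report.items():
        print(kind, ids)
```

The baseline has to be stored where the systems it describes cannot modify it, otherwise it can be altered along with the data.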
The consequences of data integrity breaches can include:
- Inaccurate reporting and evaluation of business processes
- Misguided decision-making that is based on faulty or incomplete data
Availability Breach
An availability breach is a disruption to your access to or use of your data or information systems.
Intentional availability breaches may manifest as:
- Denial-of-service attacks: when a data service is overwhelmed by illegitimate requests to the system, disrupting access for legitimate users
- Ransomware: when malware encrypts data, making it unusable and inaccessible to you, and demands payment for decryption.
The consequences of data availability breaches can include:
- Business disruption, as legitimate users are unable to access your organization’s data
The following table sums up the impact of the above types of data breaches:
FAQ
What are the 4 common causes of data breaches?
Four common causes of data breaches are:
- Hacking/Cyberattack: a breach caused by external parties who use technical means to gain unauthorized access to systems and data
- Insider Threat: a data breach caused by individuals who misuse their legitimate access to the organization’s data systems
- Human Error: data exposure caused by mistakes made by employees or contractors, such as misconfigurations or sending information/access to the wrong recipient
- Social Engineering: a data breach caused by manipulating organization insiders into unknowingly disclosing sensitive information
What are the 5 steps of a data breach?
The 5 steps of a data breach are:
- Target research: the attacker investigates the target to discover its weak points and the best way to gain access to the data
- Vulnerability identification: the attacker evaluates what they discovered during their target research and decides upon a weak point that will be the focus of the attack (e.g. decides that the employees are the weakest point in the organization’s data security)
- Exploitation: the attacker takes a defined action to take advantage of the target’s vulnerability (e.g. the attacker sends a phishing attack email to an employee)
- Payload delivery/system access: the exploit succeeds in granting access to the attacker (e.g. the employee is fooled by the phishing attack and enters their credentials)
- Data extraction: the attacker gets their hands on the organization’s data and compromises it in some way (e.g. exposes, exfiltrates, encrypts)
What defines a data breach?
A data breach is an incident where unauthorized individuals access, disclose or misuse confidential, sensitive or protected information, often resulting in compromised data privacy, security and integrity for individuals, organizations or systems.
What are GDPR breaches?
GDPR breaches occur when organizations fail to comply with the EU’s General Data Protection Regulation, leading to unauthorized access, disclosure or misuse of the personal data of EU residents. GDPR breaches include inadequate data protection measures, failing to report breaches or mishandling user consent, resulting in potential fines and penalties.
What is the difference between a breach and a data breach?
A breach is when an unauthorized party gets inside your organization’s perimeter. This could be a physical breach, as in the case of a city under siege when the surrounding army succeeds in getting past the city’s perimeter (e.g. “the wall has been breached!”). This could also be a cyber breach, which would be when an unauthorized party gets into your digital systems. A data breach is a sub-category of breach that applies to information systems, which are usually cyber/digital in nature.