Data Breaches

  1. Causes and Sources of Data Breaches
    1. External Malicious Attacks
      1. Hacking and Intrusion
        1. Brute Force Attacks
        2. Dictionary Attacks
        3. Credential Stuffing
        4. Exploiting Known Vulnerabilities
        5. Zero-Day Exploits
      2. Malware Attacks
        1. Ransomware
        2. Spyware
        3. Keyloggers
        4. Banking Trojans
        5. Advanced Persistent Threats
      3. Social Engineering Attacks
        1. Email Phishing
        2. Spear Phishing
        3. Pretexting
        4. Baiting
        5. Quid Pro Quo
      4. Denial-of-Service Attacks
        1. Distributed Denial-of-Service (DDoS)
        2. Application Layer Attacks
        3. Distraction for Data Theft
    2. Insider Threats
      1. Malicious Insiders
        1. Data Theft for Personal Gain
        2. Corporate Espionage
        3. Sabotage and Revenge
        4. Selling Information
      2. Negligent Insiders
        1. Accidental Data Exposure
        2. Mishandling Sensitive Data
        3. Falling for Phishing Attacks
        4. Policy Violations
      3. Compromised Insiders
        1. Coerced Employees
        2. Blackmailed Staff
    3. System and Process Failures
      1. Technical Failures
        1. Software Vulnerabilities
          1. Unpatched Systems
          2. Zero-Day Exploits
          3. Buffer Overflows
          4. SQL Injection Flaws
        2. System Misconfigurations
          1. Default Credentials
          2. Open Ports and Services
          3. Publicly Accessible Storage
          4. Weak Access Controls
        3. Infrastructure Failures
          1. Hardware Malfunctions
          2. Network Equipment Failures
      2. Process Failures
        1. Weak Credential Management
          1. Password Reuse
          2. Shared Accounts
          3. Lack of Multi-Factor Authentication
        2. Inadequate Data Handling
          1. Improper Data Classification
          2. Insecure Data Transmission
          3. Poor Data Retention Practices
        3. Insufficient Security Controls
          1. Lack of Encryption
          2. Missing Security Monitoring
          3. Inadequate Backup Procedures
    4. Physical Security Failures
      1. Lost or Stolen Devices
        1. Laptops and Computers
        2. Mobile Devices
        3. Removable Storage Media
        4. Backup Tapes
      2. Unauthorized Physical Access
        1. Tailgating
        2. Lock Picking
        3. Social Engineering for Access
        4. Lack of Physical Barriers
      3. Improper Disposal
        1. Unshredded Documents
        2. Unwiped Hard Drives
        3. Discarded Storage Media
    5. Third-Party and Supply Chain Issues
      1. Vendor Security Failures
        1. Third-Party Data Breaches
        2. Inadequate Vendor Controls
        3. Supply Chain Compromises
      2. Cloud Service Provider Issues
        1. Misconfigured Cloud Storage
        2. Shared Responsibility Gaps
        3. Cloud Service Outages