
15 Examples Of Security Incidents Affecting Small Businesses [in 2020]

Today, we’re going to look at 15 examples of security incidents that every small & mid-sized business needs to understand.

In many cases, if you can detect and properly respond to these incidents, you can prevent them from escalating into breaches.

Let’s get started.

What is a cybersecurity incident?

A cybersecurity (or information security) incident is any occurrence that violates security policies and controls. Security incidents are often indicators of larger attacks against the confidentiality, integrity, or availability of information systems.

Some examples of security incidents that we will dig into further include:

  • Unauthorized attempts to access systems or data
  • Privilege escalation attempts
  • Password attacks
  • Loss or theft of devices storing sensitive information
  • Improper disclosure of sensitive information
  • Port scanning & network scanning activities
  • Denial of service (DoS) attacks
  • And more

Before we dive into the characteristics of these security incidents though, I want to clear up something that is often confused.

What’s the difference between a security incident and a security breach?

A security incident is any occurrence in an information system that violates the policies and procedures in place. A security breach, on the other hand, is a security incident that has escalated to the exposure of sensitive information. Incidents are usually precursors to breaches; if they are investigated and responded to appropriately, the breach can often be prevented.

Bonus Tip:

Examples of Security Incidents

1. Unauthorized attempt to access systems or data

Ways to mitigate:

  • Use the principle of least privilege as you create and deploy systems and data sets within your environment. (don’t forget cloud and SaaS)
  • Implement multi-factor authentication to require a second verification before users can access information systems
  • Encrypt sensitive data sets at rest and in transit in your environment

2. Privilege escalation

Ways to mitigate:

3. Insider threats

Ways to mitigate:

  • Implement security monitoring solutions such as a SIEM to monitor events in your environment and alert when abnormal activities occur
  • Follow the principle of least privilege so that employees only have access to the least amount of data or access they need to do their job
  • Train employees on risks to avoid before allowing them to use systems or software in your network

4. Phishing incidents

Ways to mitigate:

5. Malware incidents

Ways to mitigate:

  • Use an effective endpoint protection or antivirus software
  • Control administrative access so that employees work in non-administrative accounts, limiting the reach of any malware that runs under their credentials

6. Denial of service

Ways to mitigate:

  • Configure firewalls and routers to automatically block DoS traffic
  • Proxy websites and public-facing servers behind a DoS protection service to reduce the risk

7. Man in the middle

Ways to mitigate:

  • Encrypt data in transit using protocols such as TLS (its predecessor SSL is deprecated and should be disabled)
  • Use an encrypted Wi-Fi protocol such as WPA2
  • Train employees on the risks of public Wi-Fi and how to use a VPN to encrypt their traffic

8. Password attack

  • Brute force - the attacker tries every possible combination of characters until the right one is found
  • Dictionary attack - an attacker who has obtained password hashes hashes each entry of a list of common passwords and looks for a match against the stolen hashes
  • Phishing - the attacker tricks an employee into handing over their password

Ways to mitigate:

  • Train your employees to use strong passwords that are hard to brute force or find via a dictionary attack
  • Implement failed-login lockouts that lock an account after a number of failed attempts to log in
  • Use multi-factor authentication to increase the difficulty for attackers to access your systems
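As an added example (not code from the original article), here is one way to implement the failed-login lockout from the second bullet. The thresholds, the in-memory tracker, the PBKDF2 password hashing and the sample account are assumptions made for the example, not values the article specifies:

```python
import hashlib
import hmac
import os
from collections import deque

# Policy knobs: assumed values for this example, not figures from the article.
MAX_FAILURES = 3        # failed attempts tolerated inside the window
WINDOW_SECONDS = 600    # sliding window in which failures are counted
LOCKOUT_SECONDS = 900   # how long an account stays locked once the limit is hit


def make_record(password: str) -> dict:
    """Store a salted PBKDF2 hash instead of the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return {"salt": salt, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Constant-time comparison of the candidate hash against the stored one."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], 200_000)
    return hmac.compare_digest(candidate, record["hash"])


class LockoutTracker:
    """Counts recent failures per account and locks the account when the limit is hit."""

    def __init__(self):
        self.failures = {}      # user -> deque of failure timestamps (seconds)
        self.locked_until = {}  # user -> time at which the lock expires

    def is_locked(self, user: str, now: float) -> bool:
        until = self.locked_until.get(user)
        if until is None:
            return False
        if now >= until:
            # lock has expired: forget it and start the failure count fresh
            del self.locked_until[user]
            self.failures.pop(user, None)
            return False
        return True

    def record_failure(self, user: str, now: float) -> bool:
        """Register one failed attempt; return True if this attempt triggers a lock."""
        recent = self.failures.setdefault(user, deque())
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()            # only failures inside the window count
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            return True
        return False

    def record_success(self, user: str) -> None:
        self.failures.pop(user, None)


def attempt_login(tracker: LockoutTracker, store: dict, user: str, password: str, now: float) -> str:
    """Return 'locked', 'ok' or 'denied'. The lock is checked before any password work is done."""
    if tracker.is_locked(user, now):
        return "locked"
    record = store.get(user)
    if record is not None and verify(password, record):
        tracker.record_success(user)
        return "ok"
    # Unknown usernames are counted as failures too, so they are not a cheap probe.
    return "locked" if tracker.record_failure(user, now) else "denied"


def demo() -> list:
    """Constructed walk-through: three wrong guesses trigger the lock, which later expires."""
    store = {"alice": make_record("correct horse battery staple")}   # constructed account
    tracker = LockoutTracker()
    results = [attempt_login(tracker, store, "alice", guess, t)
               for t, guess in enumerate(["password", "123456", "letmein"])]
    results.append(attempt_login(tracker, store, "alice", "correct horse battery staple", 3))
    results.append(attempt_login(tracker, store, "alice", "correct horse battery staple", 3 + LOCKOUT_SECONDS))
    return results


if __name__ == "__main__":
    print(demo())
```

The lock is tested before the password is verified, so a locked account costs the server no hashing work. Because lockouts can themselves be abused to deny service to legitimate users, the failure window slides and the lock expires on its own instead of waiting for an administrator; a production deployment would also count attempts per source address and keep the tracker in a store shared by all application servers.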

9. Web application attack

Ways to mitigate:

  • Regularly review web applications during development to avoid OWASP Top 10 vulnerabilities
  • Proxy web applications behind web application firewalls that can detect attacks in progress and block the attackers
  • Conduct regular penetration tests or bug bounty exercises to identify vulnerabilities

10. Loss or theft of equipment

Ways to mitigate:

  • Encrypt mobile devices so that attackers can’t get any data off of them if the device is stolen or lost
  • Store sensitive information in central locations rather than on mobile devices

11. Removable media

Ways to mitigate:

  • Disable the autorun feature on removable media so that any programs or scripts on them aren’t automatically run
  • Configure your antivirus software to automatically scan removable media when they are connected to your computers
  • Restrict which peripherals may be used, for example by allow-listing device serial numbers

12. Improper disclosure of sensitive information

Ways to mitigate:

  • Train employees to double check where they are sending sensitive information
  • Create configuration checklists for deploying new services or systems so that sensitive data isn’t left exposed

13. Port scanning

Ways to mitigate:

  • Use proxies and web application firewalls to detect port scans and stop them
  • Configure systems not to respond to the probes scanners commonly use for host discovery, such as ICMP ping

14. Data exfiltration

Ways to mitigate:

  • Use a Data Loss Prevention solution to identify sensitive information in your environment and track its movement
  • Apply the principle of least privilege to all assets in your network
  • Use intrusion detection solutions to analyze network traffic and detect volumes that differ from your baseline of normal activity
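As an added example covering both the port-scanning detection in item 13 and the baseline comparison in item 14 (this is example code, not code from the article or from any product it mentions), the following script runs two detectors over a constructed flow log: one flags a source that reaches many distinct host/port pairs inside a short window, the other flags a host whose outbound volume to external addresses is far above its baseline. The log format, the internal network range, the thresholds and the baseline figures are all assumptions made for the example:

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Networks treated as internal; anything else is "external" for the exfiltration check (assumption).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Normal outbound volume (bytes) per host for the observed period. Constructed values;
# in practice a learning period in the IDS or SIEM would produce them.
BASELINE_BYTES_OUT = {"10.0.0.5": 5_000_000, "10.0.0.7": 40_000_000, "10.0.0.9": 50_000_000}

FLOW_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) bytes_out=(\d+)$")


def parse_flow(line: str) -> dict:
    """Turn one constructed flow-log line into a record with an epoch timestamp."""
    m = FLOW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable flow line: {line!r}")
    ts = datetime.fromisoformat(m.group(1)).replace(tzinfo=timezone.utc).timestamp()
    return {"ts": ts, "src": m.group(2), "dst": m.group(3),
            "dport": int(m.group(4)), "bytes_out": int(m.group(5))}


def build_sample_flows() -> list:
    """Constructed sample traffic, not captured data."""
    lines = []
    # a) 10.0.0.5 touches 30 different ports on one server inside 15 seconds: a scan pattern
    for i in range(30):
        lines.append(f"2020-05-01T10:00:{i % 15:02d} src=10.0.0.5 dst=10.0.0.20 dport={21 + i} bytes_out=60")
    # b) 10.0.0.7 pushes 60 x 20 MB to an outside address over an hour, far above its baseline
    for i in range(60):
        lines.append(f"2020-05-01T11:{i:02d}:00 src=10.0.0.7 dst=203.0.113.10 dport=443 bytes_out=20000000")
    # c) 10.0.0.9 does ordinary browsing: a handful of small flows to an outside address
    for i in range(5):
        lines.append(f"2020-05-01T11:{i * 10:02d}:30 src=10.0.0.9 dst=203.0.113.20 dport=443 bytes_out=150000")
    return [parse_flow(line) for line in lines]


def detect_port_scans(flows: list, window: float = 60.0, min_ports: int = 20) -> list:
    """Flag sources that reach at least `min_ports` distinct (host, port) pairs within `window` seconds."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f["src"]].append(f)
    alerts = []
    for src, items in by_src.items():
        items.sort(key=lambda f: f["ts"])
        active = Counter()   # (dst, dport) pairs currently inside the sliding window
        left = 0
        for f in items:
            active[(f["dst"], f["dport"])] += 1
            while f["ts"] - items[left]["ts"] > window:   # slide the window forward
                old = (items[left]["dst"], items[left]["dport"])
                active[old] -= 1
                if active[old] == 0:
                    del active[old]
                left += 1
            if len(active) >= min_ports:
                alerts.append(src)
                break
    return sorted(alerts)


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def detect_exfiltration(flows: list, baseline: dict, factor: float = 5.0) -> dict:
    """Return hosts whose outbound bytes to external addresses exceed `factor` times their baseline."""
    totals = defaultdict(int)
    for f in flows:
        if not is_internal(f["dst"]):
            totals[f["src"]] += f["bytes_out"]
    return {src: total for src, total in sorted(totals.items())
            if total > factor * baseline.get(src, 0)}


if __name__ == "__main__":
    flows = build_sample_flows()
    print("port scan sources:", detect_port_scans(flows))
    print("exfiltration suspects:", detect_exfiltration(flows, BASELINE_BYTES_OUT))
```

The scan detector counts distinct host/port pairs rather than raw connection attempts, so a busy but legitimate client talking to one service repeatedly does not trip it. The exfiltration check uses an explicit list of internal networks instead of a generic "private address" test because the boundary that matters is the organization's own, and a host with no baseline entry is compared against zero, which surfaces any external traffic from a machine that has never had any.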

15. Improper disposal

Ways to mitigate:

  • Follow disposal best practices such as those outlined by NIST
  • Train your employees on disposal practices