
15 Examples Of Security Incidents Affecting Small Businesses [in 2020]
Today, we’re going to look at 15 examples of security incidents that every small & mid-sized business needs to understand.
In many cases, if you can detect and properly respond to these incidents, you can prevent them from escalating into breaches.
Let’s get started.
What is a cybersecurity incident?
A cybersecurity (or information security) incident is any occurrence that is a violation of security policies and controls. Oftentimes, security incidents are indicators of larger attacks against confidentiality, availability, or integrity of information systems.
The examples of security incidents that we will dig into further are the fifteen listed in the sections below.
Before we dive into the characteristics of these security incidents though, I want to clear up something that is often confused.
What’s the difference between a security incident and a security breach?
A security incident is any occurrence in an information system that violates the policies and procedures in place. A security breach, on the other hand, is a security incident that has escalated to the exposure of sensitive information. Incidents are usually precursors to breaches. If incidents are investigated and responded to appropriately, you can often prevent breaches from happening.
Bonus Tip:
Security incidents are unavoidable. Every organization will have a security incident and maybe even a breach at some point. To mitigate the effects, identify your most critical assets. Prioritize these assets when you begin implementing security controls.
Examples of Security Incidents
There are many security incidents that could be indicators of compromise or attempted compromise at your organization.
We will only be able to discuss a few here.
If you want an exhaustive list, check out the MITRE ATT&CK framework or the Atomic Red Team framework by Red Canary.
Both of these provide great detail on various security incidents and are great resources for shoring up your defenses.
1. Unauthorized attempt to access systems or data
This is an attempt by an attacker to get access to something on your network that they shouldn’t.
It could be devices or data.
The attacker may try to phish an employee to get credentials so they can get access to the employee’s email.
Or they may try to read files on a file share on the network.
Ways to mitigate:
2. Privilege escalation
If attackers gain access to your network and get a foothold in some way, they will try to escalate privileges at some point.
That is, if your network is set up correctly.
If you have implemented least privilege in your environment, they will start with low level access and need to escalate to administrators at some point to achieve their goals.
So, how might an attacker gain initial access?
They could have used phishing, or used a vulnerability or missing patch.
Essentially, there are an untold number of ways.
Ways to mitigate:
3. Insider threats
Insider threat incidents are caused by your own employees or vendors accidentally or intentionally.
These types of incidents could range from accidentally clicking on malicious links or deliberately exfiltrating customer data to sell to criminals.
There are several types of insider threat that you should be aware of: pawns, careless employees, collaborators and lone wolves.
Pawns are employees who are being manipulated by bad actors to cause harm to your environment.
Careless employees take harmful or careless actions without malicious intent.
Collaborators work with another entity such as a competitor or otherwise motivated attacker to steal sensitive information from your company.
Lone wolves are insiders who are working by themselves to achieve some malicious goal.
Ways to mitigate:
4. Phishing incidents
Phishing attack incidents occur when hackers try to impersonate someone or another company and get one of your employees to take some detrimental action.
These attacks usually happen via email or text message.
Ways to mitigate:
5. Malware incidents
Malware incidents can come in many forms and methods.
They can include ransomware, viruses, trojans, worms, adware, coin miners, and more.
There are a myriad of ways malware can be installed on your systems.
Employees can accidentally click links, or attackers could brute-force credentials and gain access to your servers.
Ways to mitigate:
6. Denial of service
A denial of service incident happens when someone performs an attack to overwhelm your systems with traffic.
They flood your server or system with so much traffic that it is overloaded and can’t operate.
This can cause the system to crash or simply be unusable.
Ways to mitigate:
7. Man in the middle
A man-in-the-middle (MitM) attack intercepts network communications and proxies them through an attacker’s device.
The attacker can eavesdrop on all traffic passing through.
This means that if you are entering passwords or other sensitive information, they could potentially get it.
MitM attacks can be quite difficult to detect, so prevention is important.
Ways to mitigate:
8. Password attack
There are many ways that password attacks can happen, but any security incident involving password attacks merits an investigation.
Password attacks can include:
All of these are dangerous and could result in unauthorized access to systems or data.
Ways to mitigate:
9. Web application attack
Web application attacks are security incidents where attackers target websites or other web applications as an entry point into your environment.
They may use SQL injection, known exploits, cross-site scripting, or various other attack methods.
These types of security incidents can be challenging to detect.
Ways to mitigate:
10. Loss or theft of equipment
The loss or theft of equipment with sensitive information is a serious risk.
If an attacker has access to a laptop or mobile device that is not encrypted, they can get access to all data on it.
A login password alone is easy to get around when the disk itself is not encrypted.
In fact, under HIPAA, the loss or theft of equipment is considered a breach and must be reported.
Any time someone loses a device, a security incident review should be conducted to determine if sensitive information was leaked.
Ways to mitigate:
11. Removable media
Removable media attacks usually involve USB drives and CDs or DVDs.
Attackers can deploy scripts and malware to your network from programs on these devices.
Operating systems have done a lot to control this threat over the last few years, but it still exists.
Ways to mitigate:
12. Improper disclosure of sensitive information
Improper disclosure happens when an employee or vendor accidentally sends sensitive information to the wrong party or sensitive information is left unprotected.
We have seen this happen a lot since AWS S3 buckets became popular.
Ways to mitigate:
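One concrete check for the "bucket left unprotected" case described above, as an added example that is not code from the original post: it parses an S3 bucket policy document and reports every statement that grants access to an anonymous principal, grading it by whether the grant is conditional and whether it allows writes. The policies below are constructed samples (the account id and VPC endpoint id are placeholders), and the check looks only at the policy document, not at bucket ACLs or the account-level Block Public Access setting, which remain the controls you would actually turn on.

```python
import json
from fnmatch import fnmatch


def _as_list(x):
    """Policy fields such as Statement and Action may be a single value or a list."""
    return x if isinstance(x, list) else [x]


def _anonymous(principal):
    """True when a statement applies to everyone: Principal "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(v == "*" for vals in principal.values() for v in _as_list(vals))
    return False


def _grants(actions, wanted):
    """True if any action pattern in the statement (e.g. "s3:*", "s3:get*") covers `wanted`."""
    return any(fnmatch(wanted, a) for a in actions)


def public_findings(policy_json):
    """Return one finding per Allow statement whose principal is anonymous."""
    findings = []
    for idx, st in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if st.get("Effect") != "Allow" or not _anonymous(st.get("Principal")):
            continue
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        finding = {
            "statement": idx,
            "actions": actions,
            "allows_listing": _grants(actions, "s3:listbucket"),
            "allows_write": _grants(actions, "s3:putobject") or _grants(actions, "s3:deleteobject"),
        }
        if "Condition" in st:
            finding["severity"] = "medium"    # open to anyone who meets the condition; review by hand
        elif finding["allows_write"]:
            finding["severity"] = "critical"  # anyone on the internet can upload or delete objects
        else:
            finding["severity"] = "high"      # anyone on the internet can read (and maybe list) objects
        findings.append(finding)
    return findings


# Constructed sample policies. "example-bucket", the account id 111122223333 and
# "vpce-PLACEHOLDER" are placeholders, not values from a real environment.
PUBLIC_READ = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket/*", "arn:aws:s3:::example-bucket"]}]})

PUBLIC_WRITE = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:*",
    "Resource": "arn:aws:s3:::example-bucket/*"}})

VPC_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-PLACEHOLDER"}}}]})

ACCOUNT_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    for name, policy in [("PUBLIC_READ", PUBLIC_READ), ("PUBLIC_WRITE", PUBLIC_WRITE),
                         ("VPC_ONLY", VPC_ONLY), ("ACCOUNT_ONLY", ACCOUNT_ONLY)]:
        print(name, public_findings(policy))
```

Run it against policy documents pulled from your own buckets; a bucket with no findings can still be exposed through an ACL, so treat this as one check among several rather than a clean bill of health.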
13. Port scanning
Attackers are constantly scanning the internet looking for potential targets.
This usually involves port scanning, a scan in which a device is inspected to see which ports are open.
If ports are found to be open, the scanner will send probe packets to look for responses.
From these responses, it can figure out what applications or services are running.
Port scans happen quite frequently and are typically not a cause for much concern.
Ways to mitigate:
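Both the password attacks described in section 8 and the port scans described above show up in logs as one source doing the same thing many times in a short window, so one detector serves both. The following is an added example written for this article, not code from the original post: a sliding-window counter that flags a source once it produces a threshold number of distinct values (failed attempts, account names, or destination ports) within a time window, run over constructed sshd and iptables-style log lines. The host names, addresses, thresholds and the assumed log year are all made up for the sample.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (sample data, not from a real system).
# 203.0.113.7 tries four different accounts (password spraying),
# 198.51.100.23 hammers one account and then gets in (brute force),
# 192.0.2.55 is a user who mistyped once and then logged in normally.
SSH_LOG = """\
Mar 10 08:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 50001 ssh2
Mar 10 08:00:03 host sshd[102]: Failed password for invalid user backup from 203.0.113.7 port 50002 ssh2
Mar 10 08:00:05 host sshd[103]: Failed password for alice from 203.0.113.7 port 50003 ssh2
Mar 10 08:00:07 host sshd[104]: Failed password for bob from 203.0.113.7 port 50004 ssh2
Mar 10 08:00:11 host sshd[106]: Failed password for alice from 198.51.100.23 port 41000 ssh2
Mar 10 08:00:12 host sshd[107]: Failed password for alice from 198.51.100.23 port 41001 ssh2
Mar 10 08:00:13 host sshd[108]: Failed password for alice from 198.51.100.23 port 41002 ssh2
Mar 10 08:00:14 host sshd[109]: Failed password for alice from 198.51.100.23 port 41003 ssh2
Mar 10 08:00:15 host sshd[110]: Failed password for alice from 198.51.100.23 port 41004 ssh2
Mar 10 08:00:16 host sshd[111]: Accepted password for alice from 198.51.100.23 port 41005 ssh2
Mar 10 08:30:00 host sshd[120]: Failed password for carol from 192.0.2.55 port 60000 ssh2
Mar 10 08:30:20 host sshd[121]: Accepted password for carol from 192.0.2.55 port 60001 ssh2
"""

# Constructed iptables-style drop log (sample data). 198.51.100.9 touches eight
# ports in four seconds; 203.0.113.40 just retries two ordinary ports.
FW_LOG = """\
Mar 10 08:05:00 host kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN
Mar 10 08:05:00 host kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Mar 10 08:05:01 host kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN
Mar 10 08:05:01 host kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 SYN
Mar 10 08:05:02 host kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN
Mar 10 08:05:02 host kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=110 SYN
Mar 10 08:05:03 host kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40007 DPT=143 SYN
Mar 10 08:05:03 host kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40008 DPT=443 SYN
Mar 10 08:06:00 host kernel: DROP IN=eth0 SRC=203.0.113.40 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 SYN
Mar 10 08:07:00 host kernel: DROP IN=eth0 SRC=203.0.113.40 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=80 SYN
"""

SSH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
FW_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*\bSRC=(?P<src>\S+) .*\bDPT=(?P<dport>\d+)")


def parse_ts(text, year=2020):
    """Syslog timestamps carry no year; 2020 is an assumed year for the constructed sample."""
    return datetime.strptime(f"{year} {' '.join(text.split())}", "%Y %b %d %H:%M:%S")


def sliding_window_alerts(events, window, threshold):
    """events: (timestamp, key, value) tuples in time order. Alerts on a key the first
    time `threshold` distinct values are seen for it inside `window`.
    Returns {key: (alert_time, distinct_count)}."""
    recent = defaultdict(deque)                      # key -> (ts, value) still inside the window
    counts = defaultdict(lambda: defaultdict(int))   # key -> value -> occurrences inside the window
    alerts = {}
    for ts, key, value in events:
        q, c = recent[key], counts[key]
        while q and ts - q[0][0] > window:           # expire events that fell out of the window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        q.append((ts, value))
        c[value] += 1
        if key not in alerts and len(c) >= threshold:
            alerts[key] = (ts, len(c))
    return alerts


def analyze_ssh(log_text, window=timedelta(minutes=5), fail_threshold=5, spray_threshold=4):
    """Flag brute force (many failures from one source), password spraying (one source,
    many distinct accounts) and any successful login from a source already flagged."""
    events = []
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            events.append((parse_ts(m["ts"]), m["src"], m["user"], m["result"] == "Accepted"))
    events.sort(key=lambda e: e[0])
    # Using the event index as the "value" turns the distinct-value detector into a plain counter.
    failures = [(ts, src, i) for i, (ts, src, _, ok) in enumerate(events) if not ok]
    accounts = [(ts, src, user) for ts, src, user, ok in events if not ok]
    brute = sliding_window_alerts(failures, window, fail_threshold)
    spray = sliding_window_alerts(accounts, window, spray_threshold)
    flagged = set(brute) | set(spray)
    logins = [(src, user) for _, src, user, ok in events if ok and src in flagged]
    return {"brute_force": brute, "spraying": spray, "logins_from_flagged": logins}


def analyze_firewall(log_text, window=timedelta(minutes=1), port_threshold=8):
    """Flag a source that probes `port_threshold` distinct destination ports inside `window`."""
    events = []
    for line in log_text.splitlines():
        m = FW_RE.match(line)
        if m:
            events.append((parse_ts(m["ts"]), m["src"], int(m["dport"])))
    events.sort(key=lambda e: e[0])
    return sliding_window_alerts(events, window, port_threshold)
```

The `logins_from_flagged` list is the item worth an immediate investigation: a port scan or a burst of failures is background noise on most networks, but a successful login from a source that was just flagged is the point where an incident is about to become a breach.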
14. Data exfiltration
When data is found to be actively leaving your network, you have a serious security incident.
This typically means that attackers have already compromised your network, escalated privileges, and begun taking what they want.
Ways to mitigate:
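One way to notice data actively leaving the network, as an added example that is not part of the original post: compare each internal host's daily outbound volume to external destinations against its own recent baseline, and alert when today is both several times the baseline and above an absolute floor, listing any destinations the host has never talked to before. The flow records, the internal address range and the thresholds are constructed for the sample and would need tuning for a real environment.

```python
import statistics
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal address space for the sample environment.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]


def is_external(ip):
    """Anything outside the internal ranges counts as an outbound destination."""
    return not any(ip_address(ip) in net for net in INTERNAL_NETS)


def build_flows():
    """Constructed daily flow summaries: (day, internal host, destination, bytes sent).
    Days 1-7 are the baseline; day 8 is the day under review."""
    flows = []
    for day in range(1, 8):
        flows.append((day, "10.0.0.5", "203.0.113.10", 50_000_000 + day * 1_000_000))
        flows.append((day, "10.0.0.6", "203.0.113.10", 60_000_000))
        flows.append((day, "10.0.0.7", "203.0.113.20", 100_000_000 + (day % 3) * 10_000_000))
        flows.append((day, "10.0.0.7", "10.0.0.1", 900_000_000))   # internal file server traffic
    flows += [
        (8, "10.0.0.5", "203.0.113.10", 52_000_000),
        (8, "10.0.0.5", "198.51.100.200", 4_000_000_000),          # bulk upload to a never-seen host
        (8, "10.0.0.6", "203.0.113.10", 61_000_000),
        (8, "10.0.0.7", "203.0.113.20", 140_000_000),
        (8, "10.0.0.7", "10.0.0.1", 2_500_000_000),                # internal, so not outbound
    ]
    return flows


def exfil_alerts(flows, review_day, min_ratio=5.0, min_bytes=500_000_000):
    """Compare each host's outbound-to-external bytes on `review_day` with its per-day
    baseline from earlier days. Alert when today's total is at least `min_ratio` times
    the baseline mean AND above `min_bytes`, so a quiet host that sends a few megabytes
    more than usual does not page anyone."""
    daily = defaultdict(lambda: defaultdict(int))   # host -> day -> bytes to external
    known = defaultdict(set)                         # host -> external destinations seen in baseline
    for day, host, dst, nbytes in flows:
        if not is_external(dst):
            continue
        daily[host][day] += nbytes
        if day < review_day:
            known[host].add(dst)
    alerts = []
    for host, per_day in daily.items():
        baseline = [b for d, b in per_day.items() if d < review_day]
        today = per_day.get(review_day, 0)
        # A host with no history at all gets a zero baseline, so any volume over min_bytes alerts.
        mean = statistics.mean(baseline) if baseline else 0.0
        if today >= max(min_ratio * mean, min_bytes):
            new_dsts = sorted({d for day, h, d, _ in flows
                               if day == review_day and h == host
                               and is_external(d) and d not in known[host]})
            alerts.append({"host": host, "today_bytes": today, "baseline_mean": mean,
                           "ratio": today / mean if mean else float("inf"),
                           "new_destinations": new_dsts})
    return sorted(alerts, key=lambda a: -a["today_bytes"])


if __name__ == "__main__":
    for alert in exfil_alerts(build_flows(), review_day=8):
        print(alert)
```

The absolute floor matters as much as the ratio: without it, a laptop that normally sends almost nothing would alert on a single video call, and with only the floor, a busy server's normal traffic would alert every day.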
15. Improper disposal
When you are finished using a device, you can’t just throw it away.
There is sensitive information on it that can be accessed and read.
This applies to mobile devices, hard drives, USB drives, DVDs, CDs, servers, printers, copiers, and any other device that stores information.
Similarly, paper records should be shredded or addressed in another acceptable manner.
Ways to mitigate:
Conclusion
These examples of security incidents should help you begin identifying them in your network and responding appropriately.
Remember, everyone has security incidents.
If you can contain them before they turn into breaches or leaks of confidential data, you will be much better off.
This means that you need to have a solid incident response plan in place.