4 Common Causes of Data Breaches [Plus 4 Ways to Tackle Them]
What exact vulnerabilities are keeping you and your fellow CISOs up at night?
And can anything be done to help everyone rest a little easier?
Enter the revolving possibility of a data breach: a high-grade, highly probable headache on the horizon.
These breaches not only pose significant risks to your data security and to your business’s reputation with partners, clients, and your team, but they also continually shapeshift into new forms to create the ultimate puzzle.
Here are the common causes of security breaches that we will be covering in this guide:
1: Ransomware
2: Infostealer malware
3: API threat exposure
4: Compromised and stolen credentials
From new AI scams to emerging dark web malware trends, use this blog as a quick refresher to arm yourself with fresh insight into the most common causes of data breaches.
But it is not all doom and gloom.
We’ll also share key takeaways and strategies for proactively strengthening your organization’s security posture.
1: Ransomware
Ransomware repeatedly takes the number one slot, as it is a form of malware that continues to wreak havoc for CISOs.
Specifically, it operates by encrypting the victim’s files or locking their system entirely, rendering it inaccessible. The attackers then demand payment in exchange for the decryption key needed to regain access to the files or system. For example, this June the FBI communicated that it’s in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims of associated cyberattacks regain access to their sensitive data.
However, this is an anomaly.
Ransomware incidents are typically underreported as more companies opt to pay the ransom and assume the associated risks. Instead of addressing the underlying problems, particularly when it comes to protected health information, companies pay up. Take the recent Change Healthcare payout. After a severe ransomware attack hit their systems, they reportedly paid $22 million to regain access to all medical PII.
The smart move is to review and identify the vulnerabilities that exist in the first place to reduce threats. But somehow this move is widely overlooked for the wrong reasons.
Critical trends
As Ransomware-as-a-Service (RaaS) gains popularity and more data, cloud shares, and databases become exposed, this trend will continue to rise. Expect attackers to explore new and increasingly sophisticated methods, such as data alteration and leveraging increased computing power, in their ransomware attacks.
According to 2023 data, the estimated average recovery cost, excluding the ransom itself, was $1.82 million. However, choosing to pay the ransom to restore data could increase this cost to $2.6 million, whereas using backups could reduce it to $1.6 million.
Interested in uncovering what led to the top security breaches in 2023? Download our annual report.
Increase your dark web visibility and stay agile
Implement a robust solution that protects your digital infrastructure against external threats like ransomware attacks, malware, and breaches involving PII. These threats are designed to exploit vulnerabilities within systems to either lock access or encrypt sensitive data, demanding a ransom, often in cryptocurrency, to restore access. Find out how we can help you.
2: Infostealer malware
Understanding infostealers is a critical aspect of comprehending contemporary cyber threats and associated risks.
Check out our guide for a complete intro, “What are Infostealers? | How Can They Impact your Business?”
Essentially, this specific malware was developed by cybercriminals to harvest sensitive information by infecting systems. Hackers can then exploit the affected system and potentially the systems connected to it. It then allows malicious insiders to easily access confidential information and steal data for financial gain.
Critical trends
According to our trend report, in the past year, 225,000 ChatGPT credentials have been found on the stealer logs market. And the theft of AI account details by infostealers has increased by 36% in the past five months alone (find 11 more key trends in this report).
Solution: Implement a robust infostealer solution that can recover your stolen credentials (CybelAngel recovered 7.6k stolen credentials per month in 2023). With this solution you’ll discover potential data breaches with tools that identify exposed credentials, such as logins and passwords, navigation cookies, leaked API keys, and unprotected personal data on misconfigured databases and servers.
How to stop infostealer malware?
Here are three ways you can defend against vulnerabilities.
- Awareness and diligence are the best defence against this type of threat actor. Regularly update your online passwords and use multi-factor authentication to keep your login credentials more secure.
- Train your team! Empower your team with knowledge and vigilance. Make certain every member is well-versed in the looming threat of infostealers, leveraging resources such as this guide to sharpen their awareness. Cultivate an environment where everyone is alert to the red flags of cyber deception, be it suspicious websites, anomalous email or social media correspondence, or phishing scams.
- Know your options: Should the worst occur and your sensitive data fall prey to security breaches, do not despair. Your arsenal is not depleted. In instances where unsecured credentials jeopardize your brand’s integrity, solutions exist to reclaim control and mitigate damage. CybelAngel’s Account Takeover Prevention solution stands ready to intercept, offering swift remediation by severing the connections that fuel the profit of cybercriminals. Discover how we can fortify your defenses and restore your peace of mind here.
3: API threat exposure
Improper configuration, including default passwords, exposed ports, or weak encryption, covers a range of issues that can leave openings for hackers to exploit, allowing them unauthorized access to systems or sensitive information. This can result in data security breaches or other harmful cyber activities. Weaknesses in configuration settings or API vulnerabilities present substantial risks to data security that providers must vigilantly guard against.
To safeguard against such threats, adopting robust configuration protocols and conducting regular audits of API security are fundamental measures for bolstering security efforts. But of course, there are layers and layers of complexity when it comes to API threats.
Quick tip: We’ve recently released a mega API threat detection blog series:
1: What is API Security? Here’s Everything You Need to Know
2: API Attacks: Understanding and Protecting Your Infrastructure
3: What are the Key Benefits of API Discovery?
4: API Security and Data Exposure: 8 Principles to Know
5: API Threats and Brand Reputation: Your Top 10 Checklist
Critical trends
Recent data indicates that APIs now account for 71% of all internet traffic as of 2023, as noted in the “State of API Security in 2024” report. The report also states that enterprises experienced an average of 1.5 billion API calls per site last year. Other trends from this report emphasize that APIs are increasingly targeted by cybercriminals, with API-related security incidents costing businesses up to $75 billion annually.
Solution: To address API exposure and abuse, deploy an API threat detection solution like CybelAngel’s API Threat Detection solution. This offers comprehensive visibility, identifying vulnerabilities and detecting potential threats and abuses related to APIs. Moreover, it assists in protecting against these threats, enabling a proactive approach to security. Reinforce your overall API security posture and protect your sensitive data.
4: Compromised and stolen credentials
Although hacking attacks are frequently cited as the leading cause of data breaches, it’s often the vulnerability of compromised or weak passwords or personal data that opportunistic hackers exploit. A recent U.K. government report, Cyber security breaches survey 2024, found that 50% of businesses and around a third of charities (32%) reported having experienced some form of cyber security breach or attack in the last 12 months. What is interesting is that this data showed attacks as being much higher for medium businesses (70%), large businesses (74%) and high-income charities with £500,000 or more in annual income (66%).
While hacking attacks are often highlighted as the primary cause of data breaches, the vulnerability of compromised or weak passwords remains a significant issue that opportunistic hackers exploit. Google Cloud’s 2023 Threat Horizons Report found that 86% of breaches involve stolen credentials. This data reinforces the idea that compromised passwords remain a significant vulnerability for organizations.
Critical trends
According to CybelAngel data, 83% of breaches were carried out by external actors, with a staggering 49% involving stolen credentials. This data underscores the critical nature of credential security in the current threat landscape. Additionally, our data reveals that over 15 billion stolen credentials are actively circulating on the internet and dark web. The retail sector is particularly vulnerable, with 50% of cyberattack victims in this space experiencing extortion.
Solution: Utilize an Account Takeover Prevention solution to detect and thwart attacks that utilize compromised credentials. This technology scans a wide range of sources, including paste sites, open databases, and dark web forums, to identify potential threats before they can be weaponized. Find out more with an expert demo of how we protect your sensitive information.
Safeguard your sensitive data with proactive cybersecurity measures
Data breaches pose a pervasive risk across various sectors, affecting organizations of all sizes and types — from healthcare and finance to ecommerce and retail.
By proactively identifying potential vulnerabilities, organizations can reduce the likelihood of successful cyber attacks. Investing in the protection of your external attack surface is a security measure that mitigates the serious fallout from scams, ransomware attacks, and dark web
Overall, a comprehensive understanding of breach causes and the implementation of appropriate security measures are vital. Protect your data, minimize risk, and ensure long-term success with