Insider and privilege misuse: Company insiders know the value of information and sometimes they steal it. Maybe they sell it or use it to start a new company.

Physical theft and loss: A laptop left in a hotel lobby be used to breach protected information. However, breaches could also still involve paper documents. The loss of physical assets can be deliberate or accidental.

Denial of service: These attacks target networks and systems. Distributed denial of service attacks often target large organizations by flooding and overloading systems to disrupt service.

Crimeware: This includes various types of malware — short for malicious software — or social engineering attacks. Specifically, criminals might use:
Ransomware: This kind of malware holds computer files hostage until the victim pays to unlock them — though they might not get unlocked.
SQL injection: In this type of attack, a hacker inserts arbitrary code into an online user web form. If the form isn’t handled properly when passed through the backend database, it can corrupt the website.
Phishing attempts: Phishing is a type of social engineering attack in which the cyberthief poses as a trusted source and contacts the victim through email, phone call, direct chat, or text message. The goal is to trick the victim into installing malware or sharing personal information, such as bank account info or passwords.

Web application attacks: When you sign up for a web application, you often share personal details. Attackers steal data such as names, addresses and other information and use them elsewhere.

Payment card skimmers: Criminals can place a skimming device on a credit card reader to steal personal and financial information. Two popular targets: ATMs and gas pump terminals.
Cyber-espionage: This is a malicious email linked to state-affiliated actors. The goal is to pierce a system and steal information over time.

Point-of-sale intrusions: Remote attacks target point-of-sale terminals and controllers. Restaurants and small businesses have seen increased assaults.

Miscellaneous errors: Security accidents can compromise data. This includes the inadvertent release or loss of anything containing sensitive data.

Read more


A data leak frequently occur without an organization’s knowledge, and security experts agree that data leaks are not completely preventable. Therefore, sound practices must be in place to detect, contain and remediate data breaches.

In addition, here are best practices organizations can use to prevent data breaches:

Vulnerability assessments—systematic review of security weaknesses in organizational systems, with continuous action to remediate high priority security gaps.Vulnerability assessments—systematic review of security weaknesses in organizational systems, with continuous action to remediate high priority security gaps. Penetration testing—simulated cyber attacks against IT systems to check exploitable vulnerabilities. Training and awareness—many breaches occur via unintentional or negligent exposure of data, or social engineering attacks such as Phishing. Preventive measures include training staff on security procedures, helping them avoid social engineering attacks, and clearly labeling sensitive data. Mitigation and recovery plans—security staff must document known threats to sensitive systems, and maintain plans for responding, containing, mitigating and recovering from security incidents. Defending the network perimeter—security tools can be used to deny unauthorized access and prevent many types of attacks against information systems. For example, Imperva’s Web Application Firewall protects from all common web application security threats such as SQL injection, Cross Site Scripting (XSS) and remote file inclusion (RFI).
Read more

Request for a demo