The 5 Deadliest Threat Actors of Data Security Breaches to Look Out For

35% of data security breaches were caused by threat actors (persons behind the event) internal to the organization
Data Security Breaches
Share on facebook
Share on twitter
Share on linkedin

For the most obvious reasons, the financial services industry faces a plethora of cyber security challenges and threats coming from both internal and external sources, perhaps more than any other type of organization. The 2020 Verizon Data Breach Report found that from among the 1,509 security incidents reported and 448 confirmed breaches analyzed, as much as 35% of data security breaches were caused by threat actors (persons behind the event) internal to the organization. Let’s examine the most commonly-cited internal and external threat actors.

1. Ransomware (System Intrusion)

Ransomware is a type of malware, or software of a malicious nature, that seeks to threaten or publish a victim’s data or in other cases, perpetually block access to it, unless a ransom is paid. Employees fall victim to this type of attack when they click on a link inside a suspicious email which activates the malware into the system.

Ransomware attacks typically come in the form of a Trojan horse (or simply a Trojan) that misleads users as to its true intent by disguising itself as a legitimate file that the user is tricked into downloading or opening when it comes as an email attachment. The WannaCry ransomware attack of 2017 is one such example that traveled automatically between computers without needing user interaction. 

UDTSecureTM is an advanced suite of  managed security and threat intelligence services and solutions that help you secure your IT assets and improve your overall security posture. Click here to learn more. 

2. Web Application Attacks & Misconfiguration

A web application attack is a serious weakness or vulnerability within a web application environment that grants criminals direct and public access to databases containing valuable information. Criminals do this with the intention to churn sensitive data, e.g. personal data and financial details, making financial organizations a frequent target of attacks.

Attackers seek to gain access to sensitive data residing on the database server because of the immense pay-offs in selling the results of data breaches. Criminals can quickly access the data residing on the database through any combination of things, both intentional (on their part) and accidental (on the part of negligent or inadequately trained employees on the need for strict security policy adherence). Sometimes all it takes is a dose of creativity and, with luck, negligence or human error, criminals can easily exploit the vulnerabilities in enterprise web applications.

Threats never take a break, and neither should your security operations solution. UDTSecureTM provides continuous monitoring and immediate alert and response to security events, with Security Operations Center (SOC) capabilities through a comprehensive interface. Click here to learn more.

3. Lost or Stolen Assets

Any incident where an information asset went missing, whether through misplacement or malice as in the case of theft. Devices continue to be lost or stolen, a human pattern that is unlikely to change anytime soon. While the threat actor may be Internal (for loss) or External (for theft), the security protocols to safeguard data on these devices remain constant.

Misplacing tiny devices that contain thousands of personal and work-related files is one of the common themes for the breaches and incidents observed in the Verizon study. Computers, documents, USB devices and mobiles end up disappearing, accidentally or otherwise. How work habits and actual places of work have evolved in the past year due to the pandemic also has a bearing on the rise of reports or incidence of loss or stolen assets. Although, it should be noted that the loss arising from an internal user accidentally misplacing an asset and then reporting the loss is significantly more common than someone reporting an asset stolen, according to this study. 

From an organizational perspective, whether or not an asset was lost or stolen is a distinction that is often moot since the security response will likely be to remotely wipe the device data either way. When it comes to discovering that an asset is lost or stolen, an organization’s best line of detection would be your employees themselves. By providing a system and means to easily report any lost or stolen assets to the organization should be part and parcel of a robust data security system.

4. Personal Data Breaches: Privilege Misuse (Internal)

Privilege misuse occurs when incidents are predominantly driven by unapproved or malicious use of legitimate privileges. In this case, the internal threat actors are  financially motivated. The most common data type stolen was Personal information, and somewhat surprisingly, the rise in remote workers did not appear to have a noticeable effect on Misuse.

Of all the threat actors listed in this blog, this is arguably the most uncomfortable one as it involves the people we trust betraying us. Privilege Misuse can take the form of  colleagues deciding (for a number of reasons) to take their access and use it to pilfer data they are not authorized to take, or use it in ways they really shouldn’t. Most Internal actors are motivated by greed with the intention of cashing in on the data they steal. A much smaller percentage are in it for the sheer trivial amusement. An even smaller percentage are people holding a grudge against their employer. Finally, there are those individuals who are doing this to start a competing business or benefit their next employer. The last three categories of people make up a small percentage of the whole.  The bottom line here is that people are frequently financially motivated regardless of whether or not they have trusted access.

Most organizations tailor their security protocols and systems primarily to fight off threats external to their organization. But for organizations that have especially sensitive data along with regulatory requirements that make reporting mandatory, it underscores the need for surveillance controls that can quickly catch this kind of misuse. 

5. Human Error

When it comes to human error, these incidents are where unintentional actions directly compromise a security attribute of an information asset. Errors are unintentional actions, typically taken by an Internal actor, but Partner actor errors also occur. Misconfiguration of database assets being found by Security is a growing problem. Employees sending data to the wrong recipients also continues to be a significant issue.

Both system administrators and developers typically have privileged access to data on the information systems they maintain for an organization. When people in these roles do make mistakes, the scope is often of much greater significance than the foibles of an average end-user. The security errors committed by IT professionals can wreak havoc on the confidentiality of an organization’s data, or that of their customers’ or employees’.

Sadly, information misdelivery remains a considerable threat. A number of these breaches are electronic data only (e.g., email to the wrong distribution list), but there can also be a significant number that involve the misdelivery of paper documents. These errors are particularly common in industries where large mass mailings are a preferred method of getting information to the customer base. An analog example would be one where the envelopes become out of sync with the contents. However, information misdelivery errors can be avoided by a basic sample check at different points during the mailing process.


Organizations would do well to implement an integrated information security system that covers all bases. Where organizations would normally focus primarily on external threat actors that come in the form of system hacking or malware, a significant portion of security breaches can and do occur because of both unintentional human error or malicious intent on the part of financially-motivated privilege misuse by employees. Fortunately, there are information security systems that can address and mitigate these threats. 

UDTSecureTMis an advanced suite of  managed security and threat intelligence services and solutions that help you secure your IT assets and improve your overall security posture. Click here to learn more.


Focus time, money, and effort on what really matters

Let’s build success together. 

More to explore

Just one more step

Please fill out the following form,