Today, we’re going to look at 15 examples of security incidents that every small & mid-sized business needs to understand. 

In many cases, if you can detect and properly respond to these incidents, you can prevent them from escalating into breaches. 

Let’s get started.

What is a cybersecurity incident?

A cybersecurity (or information security) incident is any occurrence that is a violation of security policies and controls. Oftentimes, security incidents are indicators of larger attacks against confidentiality, availability, or integrity of information systems.  

Some examples of security incidents that we will dig into further include:

  • Unauthorized attempts to access systems or data

  • Privilege escalation attempts

  • Password attacks

  • Loss or theft of devices storing sensitive information

  • Improper disclosure of sensitive information

  • Port scanning & network scanning activities

  • Denial of service (DoS) attacks

  • More

Before we dive into the characteristics of these security incidents though, I want to clear up something that is often confused. 

What’s the difference between a security incident and a security breach?

A security incident is any occurrence in an information system that violates the policies and procedures in place. A security breach, on the other hand, is a security incident that has escalated to the exposure of sensitive information. Incidents are usually precursors to breaches. If investigated and responded to appropriately they can often prevent breaches from happening.

Bonus Tip:

Security incidents are unavoidable. Every organization will have a security incident and maybe even a breach at some point. To mitigate the effects, identify your most critical assets. Prioritize these assets when you begin implementing security controls. 

Examples of Security Incidents

There are many security incidents that could be indicators of compromise or attempted compromise at your organization. 

We will only be able to discuss a few here. 

If you want an exhaustive list, check out the MITRE ATT&CK framework or the Atomic Red Team framework by Red Canary. 

Both of these provide great detail on various security incidents and are great resources for shoring up your defenses.

1. Unauthorized attempt to access systems or data


This is an attempt by an attacker to get access to something on your network that they shouldn’t. 

It could be devices or data. 

The attacker may try to phish an employee for credentials so they can get access to the employee’s email. 

Or they may try to read files on a file share on the network.

Ways to mitigate:

  • Use the principle of least privilege as you create and deploy systems and data sets within your environment. (don’t forget cloud and SaaS)

  • Implement multi-factor authentication to require a second verification before users can access information systems

  • Encrypt sensitive data sets at rest and in transit in your environment

 

2. Privilege escalation


If attackers gain access to your network and get a foothold in some way, they will try to escalate privileges at some point. 

That is, if your network is set up correctly. 

If you have implemented least privilege in your environment, they will start with low level access and need to escalate to administrators at some point to achieve their goals. 

So, how might an attacker gain initial access?

They could have used phishing, or used a vulnerability or missing patch.

Essentially, there are an untold number of ways.

Ways to mitigate:

  • Create a vulnerability management program to regularly identify and resolve vulnerabilities within your organization

  • Use secure baseline configurations across your systems to ensure that attack points are limited

  • Implement a security monitoring solution such as a SIEM to analyze events in your environment to alert for unusual activity

3. Insider threats


Insider threat incidents are caused by your own employees or vendors accidentally or intentionally. 

These types of incidents could range from accidentally clicking on malicious links or deliberately exfiltrating customer data to sell to criminals. 

There are several types of insider threat that you should be aware of: pawns, careless employees, collaborators, and lone wolves. 

Pawns are employees who are being manipulated by bad actors to cause harm to your environment. 

Careless employees take harmful or careless actions without malicious intent. 

Collaborators work with another entity such as a competitor or otherwise motivated attacker to steal sensitive information from your company. 

Lone wolves are insiders who are working by themselves to achieve some malicious goal. 

Ways to mitigate:

  • Implement security monitoring solutions such as a SIEM to monitor events in your environment and alert when abnormal activities occur

  • Follow the principle of least privilege so that employees only have access to the least amount of data or access they need to do their job

  • Train employees on risks to avoid before allowing them to use systems or software in your network

 

4. Phishing incidents


Phishing attack incidents occur when hackers try to impersonate someone or another company and get one of your employees to take some detrimental action. 

These attacks usually happen via email or text message. 

Ways to mitigate:

  • Email authentication protocols - SPF, DKIM, and DMARC - can help prevent phishing emails from impersonating your own employees. 
  • Train your employees about the risk of phishing attacks and how to respond
  • Implement an email security gateway to filter incoming email and block suspected phishing messages
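As an added example (not code from the original post), the small checker below parses the SPF and DMARC TXT records the bullet list refers to and flags the weak settings that still allow your domain to be impersonated: a permissive SPF `all` qualifier and a DMARC policy of `p=none`. The domain example.com and both record strings are constructed sample values; a real deployment would fetch them with a DNS lookup instead of the embedded dictionary.

```python
"""Parse SPF and DMARC TXT records and flag weak email-authentication settings.

Added example, not from the original post. The records below are constructed
sample values for the hypothetical domain example.com.
"""
from __future__ import annotations

# Constructed sample TXT records, shaped like the answers a DNS lookup returns.
SAMPLE_RECORDS = {
    "example.com": "v=spf1 include:_spf.example-mailer.invalid ~all",
    "_dmarc.example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
}


def parse_spf(record: str) -> dict:
    """Return the SPF mechanisms and the qualifier on 'all' ('-', '~', '?' or '+')."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    all_qualifier = None
    mechanisms = []
    for term in terms[1:]:
        if term.lstrip("+-~?").lower() == "all":
            # A bare 'all' has the implicit qualifier '+', which passes everyone.
            all_qualifier = term[0] if term[0] in "+-~?" else "+"
        else:
            mechanisms.append(term)
    return {"mechanisms": mechanisms, "all": all_qualifier}


def parse_dmarc(record: str) -> dict:
    """Return DMARC tags as a dict, e.g. {'v': 'DMARC1', 'p': 'none', 'rua': ...}."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def assess(domain: str, records: dict) -> list[str]:
    """Return findings describing weak or missing SPF/DMARC configuration."""
    findings = []
    spf = records.get(domain)
    if spf is None:
        findings.append("no SPF record")
    else:
        parsed = parse_spf(spf)
        if parsed["all"] in (None, "+", "?"):
            findings.append(
                f"SPF 'all' qualifier is {parsed['all']!r}: unauthorized senders are not rejected"
            )
        elif parsed["all"] == "~":
            findings.append("SPF uses ~all (softfail); move to -all once all senders are listed")
    dmarc = records.get(f"_dmarc.{domain}")
    if dmarc is None:
        findings.append("no DMARC record")
    else:
        tags = parse_dmarc(dmarc)
        if tags.get("p", "none") == "none":
            findings.append("DMARC policy is p=none: spoofed mail is reported but still delivered")
        if "rua" not in tags:
            findings.append("DMARC has no rua address: aggregate reports will never arrive")
    return findings


if __name__ == "__main__":
    for finding in assess("example.com", SAMPLE_RECORDS):
        print(finding)
```

Run against the sample records it reports two findings: the softfail SPF and the monitoring-only DMARC policy. Moving to `p=quarantine` or `p=reject` is what actually stops receivers from delivering mail that impersonates your employees; `p=none` only gives you visibility.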

5. Malware incidents


Malware incidents can come in many forms and methods. 

They can include ransomware, viruses, trojans, worms, adware, coin miners, and more. 

There are a myriad of ways malware can be installed on your systems. 

Employees can accidentally click links, or attackers could brute-force credentials and gain access to your servers. 

Ways to mitigate:

  • Use effective endpoint protection or antivirus software 

  • Control administrative access so that employees work in non-administrative accounts, limiting the reach of any malware that runs

 

6. Denial of service


A denial of service incident happens when someone performs an attack to overwhelm your systems with traffic. 

They flood your server or system with so much traffic that it is overloaded and can’t operate. 

This can cause the system to crash or simply be unusable. 

Ways to mitigate:

  • Configure firewalls and routers to automatically block DoS traffic

  • Proxy websites and public-facing servers behind a DoS mitigation service to reduce the risk

7. Man in the middle


A man-in-the-middle (MitM) attack intercepts network communications and proxies them through an attacker’s device. 

They can eavesdrop on all traffic passing through. 

This means that if you are entering passwords or other sensitive information, they could potentially get it. 

MitM attacks can be quite difficult to detect, so prevention is important. 

Ways to mitigate:

  • Encrypt data communications in motion using encryption protocols such as TLS (the successor to SSL)
  • Use an encrypted WiFi protocol such as WPA2
  • Train employees on the risk of public WiFi and how to use VPNs to protect their traffic

 

8. Password attack


There are many ways that password attacks can happen, but any security incident involving password attacks merits an investigation. 

Password attacks can include:

  • Brute force - attackers try combinations of characters over and over until they guess the right password

  • Dictionary attack - an attacker obtains a hash of the password, hashes each entry in a dictionary of common passwords, and looks for one that matches

  • Phishing - the attacker tricks an employee into giving their password to them

All of these are dangerous and could result in unauthorized access to systems or data.

Ways to mitigate:

  • Train your employees to use strong passwords that are hard to brute force or find via a dictionary attack

  • Implement failed login lockouts that lock an account after a set number of failed login attempts

  • Use multi-factor authentication to increase the difficulty for attackers to access your systems
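The brute-force and lockout points above are easiest to see on real log data. The following is an added example, not code from the original post: it parses constructed sshd-style authentication lines (the timestamps, usernames and source addresses are made up, using documentation IP ranges) and flags any source that produces a burst of failures inside a short window, noting whether a successful login followed the burst, which is the pattern an investigator most wants to know about.

```python
"""Flag password-guessing bursts in sample authentication logs.

Added example, not from the original post. The log lines are constructed in a
simplified sshd-like format; hosts, users and addresses are made up.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:03 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:04 sshd: Failed password for root from 203.0.113.7
2024-03-01T09:00:06 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:08 sshd: Failed password for backup from 203.0.113.7
2024-03-01T09:00:09 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T09:05:00 sshd: Failed password for alice from 198.51.100.20
2024-03-01T09:45:00 sshd: Failed password for alice from 198.51.100.20
2024-03-01T09:45:30 sshd: Accepted password for alice from 198.51.100.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse(log: str) -> list[dict]:
    """Parse matching lines into dicts with a datetime; lines of other shapes are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "result": m["result"],
                "user": m["user"],
                "ip": m["ip"],
            })
    return events


def detect_bruteforce(events: list[dict], threshold: int = 5,
                      window: timedelta = timedelta(minutes=10)) -> dict[str, dict]:
    """Per source IP, report when `threshold` or more failures land in one sliding `window`.

    The finding records how many users were tried and whether a successful login
    followed the burst from the same address.
    """
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in events:
        (failures if e["result"] == "Failed" else successes)[e["ip"]].append(e)

    findings = {}
    for ip, fails in failures.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                last_fail = fails[end]["ts"]
                findings[ip] = {
                    "failures": end - start + 1,
                    "users": sorted({e["user"] for e in fails[start:end + 1]}),
                    "success_after_failures": any(
                        s["ts"] >= last_fail for s in successes.get(ip, [])
                    ),
                }
                break
    return findings


if __name__ == "__main__":
    for ip, finding in detect_bruteforce(parse(SAMPLE_LOG)).items():
        print(ip, finding)
```

The two slow failures from the second address never trip the threshold, which is the behaviour you want: a lockout or alert rule keyed on raw failure counts with no time window would punish a user who mistypes a password twice in an hour. The `success_after_failures` flag is what should turn an alert into an incident ticket, since it suggests a guess landed.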

9. Web application attack


Web application attacks are security incidents where attackers target websites or other web applications as an entry point into your environment. 

They may use SQL injections, known exploits, cross site scripting, or various other attack methods. 

These types of security incidents can be challenging to detect. 

Ways to mitigate:

  • Regularly review web applications during development to avoid OWASP Top 10 vulnerabilities 

  • Proxy web applications behind web application firewalls that can detect attacks in progress and block the attackers

  • Conduct regular penetration tests or bug bounty exercises to identify vulnerabilities

 

10. Loss or theft of equipment


The loss or theft of equipment with sensitive information is a serious risk. 

If an attacker has access to a laptop or mobile device that is not encrypted, they can get access to all data on it. 

Without encryption, the login password alone is quite simple to get around. 

In fact, under HIPAA, the loss or theft of equipment is considered a breach and must be reported. 

Any time someone loses a device, a security incident review should be conducted to determine whether sensitive information was exposed.

Ways to mitigate:

  • Encrypt mobile devices so that attackers can’t get any data off of them if the device is stolen or lost
  • Store sensitive information in central locations rather than on mobile devices  

11. Removable media

Removable media attacks usually involve USB drives, CDs, or DVDs. 

Attackers can deploy scripts and malware to your network from programs on these devices. 

Operating systems have done a lot to control this threat over the last few years, but it still exists. 

Ways to mitigate:

  • Disable the autorun feature on removable media so that any programs or scripts on them aren’t automatically run

  • Configure your antivirus software to automatically scan removable media when they are connected to your computers

  • Limit which peripherals may be used, for example by allow-listing approved devices by serial number

 

12. Improper disclosure of sensitive information

Improper disclosure happens when an employee or vendor accidentally sends sensitive information to the wrong party or sensitive information is left unprotected. 

We have seen this happen a lot since AWS buckets became popular. 

Ways to mitigate:

  • Train employees to double check where they are sending sensitive information

  • Create configuration check lists when deploying new services or systems to ensure that sensitive data isn’t left disclosed

13. Port scanning

Attackers are constantly scanning the internet looking for potential targets. 

This usually involves port scanning - a scan in which a device is inspected to see which ports are open. 

If ports are found to be open, the scanner will send special packets to look for responses. 

From these responses, it can figure out what applications or services are running. 

Port scans happen quite frequently and are typically not a cause for much concern. 

Ways to mitigate:

  • Use proxies and web application firewalls to detect port scans and stop them

  • Configure systems not to respond to common reconnaissance probes such as ICMP echo (ping) requests
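To separate the background noise of internet scanning from a scan worth looking at, most detection rules count how many distinct ports one source touches in a short time. The script below is an added example, not code from the original post: it parses constructed firewall deny lines in a simplified key=value format (addresses come from documentation ranges) and reports sources that probe many distinct ports within a one-minute window, while leaving ordinary traffic alone.

```python
"""Detect port scans in sample firewall logs by counting distinct ports per source.

Added example, not from the original post. Log lines are constructed in a
simplified key=value format; all addresses are from documentation ranges.
"""
from __future__ import annotations

from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source sweeps 15 common ports in 15 seconds, another
# makes normal web requests plus a single denied connection.
_SCANNED_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445, 993, 3306, 3389]
SAMPLE_LOG = "\n".join(
    f"2024-03-01T02:00:{i:02d} action=deny src=203.0.113.50 dst=192.0.2.10 dport={p} proto=tcp"
    for i, p in enumerate(_SCANNED_PORTS)
) + """
2024-03-01T02:00:03 action=allow src=198.51.100.9 dst=192.0.2.10 dport=443 proto=tcp
2024-03-01T02:00:04 action=allow src=198.51.100.9 dst=192.0.2.10 dport=443 proto=tcp
2024-03-01T02:00:05 action=deny src=198.51.100.9 dst=192.0.2.10 dport=8443 proto=tcp
"""


def parse(log: str) -> list[dict]:
    """Parse 'timestamp k=v k=v ...' lines; lines without a parseable timestamp are skipped."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if not parts:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        fields["ts"] = ts
        fields["dport"] = int(fields.get("dport", 0))
        events.append(fields)
    return events


def detect_port_scans(events: list[dict], min_ports: int = 10,
                      window: timedelta = timedelta(minutes=1)) -> dict[str, dict]:
    """Per source, report the largest number of distinct denied ports seen inside one window."""
    by_src = defaultdict(list)
    for e in events:
        if e.get("action") == "deny":
            by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        in_window = Counter()  # port -> hits currently inside the window
        start = 0
        for end, e in enumerate(evs):
            in_window[e["dport"]] += 1
            # Drop events that have fallen out of the window.
            while e["ts"] - evs[start]["ts"] > window:
                old = evs[start]["dport"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            distinct = len(in_window)
            if distinct >= min_ports and distinct > findings.get(src, {}).get("distinct_ports", 0):
                findings[src] = {
                    "distinct_ports": distinct,
                    "first": evs[start]["ts"],
                    "last": e["ts"],
                }
    return findings


if __name__ == "__main__":
    for src, finding in detect_port_scans(parse(SAMPLE_LOG)).items():
        print(src, finding)
```

The threshold of ten distinct ports per minute is a starting point, not a standard; tune it against a week of your own deny logs so that legitimate clients hitting a handful of services never appear. As the article notes, a hit here is usually just reconnaissance noise, but the same source later showing up in an authentication or web-application alert is what makes it worth correlating.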

 

14. Data exfiltration

When data is found to be actively leaving your network, you have a serious security incident. 

This typically means that attackers have already compromised your network, escalated privileges, and begun taking what they want. 

Ways to mitigate:

  • Use a Data Loss Prevention solution to identify sensitive information in your environment and track its movement

  • Apply the principle of least privilege to all assets in your network

  • Use intrusion detection solutions to analyze network traffic and detect volumes that differ from your baseline of normal activity
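A baseline comparison of the kind the last bullet describes can be very simple and still catch the obvious case. The following is an added example, not code from the original post: it scores each host's outbound volume for the current day against that host's own recent history (a z-score plus a minimum ratio, so a quiet host with near-zero variance cannot alert on a trivial change). The host names and byte counts are constructed sample values; a real deployment would feed them from flow or proxy logs.

```python
"""Flag hosts whose outbound data volume jumps well above their own baseline.

Added example, not from the original post. Host names and daily byte counts are
constructed sample values.
"""
from __future__ import annotations

from statistics import mean, pstdev

# Constructed sample: outbound bytes per day for a 14-day baseline, then today.
BASELINE = {
    "ws-finance-01": [1.2e9, 1.1e9, 1.3e9, 0.9e9, 1.0e9, 1.2e9, 1.1e9,
                      1.0e9, 1.3e9, 1.2e9, 1.1e9, 0.95e9, 1.05e9, 1.15e9],
    "ws-eng-07": [5.0e9, 6.1e9, 4.8e9, 7.2e9, 5.5e9, 6.0e9, 5.9e9,
                  4.9e9, 6.3e9, 5.1e9, 5.7e9, 6.6e9, 5.2e9, 6.4e9],
}
TODAY = {"ws-finance-01": 9.8e9, "ws-eng-07": 7.0e9}


def zscore(value: float, history: list[float]) -> float:
    """Standard deviations between `value` and the mean of `history` (population stdev)."""
    mu = mean(history)
    sigma = pstdev(history)
    if sigma == 0:
        # A flat history: any change is infinitely unusual, no change is normal.
        return float("inf") if value != mu else 0.0
    return (value - mu) / sigma


def flag_outliers(today: dict[str, float], baseline: dict[str, list[float]],
                  z_threshold: float = 4.0, min_ratio: float = 2.0) -> dict[str, dict]:
    """Return hosts whose outbound volume is both statistically unusual (z-score) and
    materially larger (ratio to the mean) than their own baseline.

    Requiring both guards against a host with a very tight baseline alerting on a
    small absolute increase that no analyst would care about.
    """
    findings = {}
    for host, value in today.items():
        history = baseline.get(host)
        if not history:
            findings[host] = {"reason": "no baseline for host"}
            continue
        z = zscore(value, history)
        ratio = value / mean(history)
        if z >= z_threshold and ratio >= min_ratio:
            findings[host] = {"zscore": round(z, 1), "ratio": round(ratio, 1),
                              "today_bytes": value}
    return findings


if __name__ == "__main__":
    for host, finding in flag_outliers(TODAY, BASELINE).items():
        print(host, finding)
```

The finance workstation, which normally moves about a gigabyte a day and today moved almost ten, is flagged; the engineering host's noisier but in-range day is not. A per-host baseline matters here: a single company-wide threshold would either drown the finance host's anomaly in the engineering host's normal traffic or alert on the engineering host every day.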

15. Improper disposal

When you are finished using a device, you can’t just throw it away. 

There is sensitive information on it that can be accessed and read. 

This applies to mobile devices, hard drives, USB drives, DVDs, CDs, servers, printers, copiers, and any other device that stores information. 

Similarly, paper records should be shredded or addressed in another acceptable manner. 

Ways to mitigate:

  • Follow disposal best practices such as those outlined by NIST

  • Train your employees on disposal practices

 

Conclusion

These examples of security incidents should help you begin identifying them in your network and responding appropriately. 

Remember, everyone has security incidents. 

If you can contain them before they turn into breaches or leaks of confidential data, you will be much better off. 

This means that you need to have a solid incident response plan in place. 
