Examining the Differences Between Hackers, Malware, and Data Breaches

With the various forms of cybercrime consistently making news, different terms are thrown around to describe what is happening and who is responsible. You might be wondering what the difference is between malicious hacking and ethical hacking. Or what sets apart a data breach from a security incident.  


To make sense of it all, let’s look at those who break in, the tools they use, and what can be done to keep hackers at bay.  

Who is breaking into accounts?

Malicious hackers: A person or a group of individuals who make a concerted effort to break into an organization’s network or a personal computer or device to do harm of some kind. They are often in it to make money and work somewhere on the dark web. These individuals are known as “black hats.”  


Hacktivists: A person or group of people who might either break in, or simply knock on the front door to prove they could break in if they wanted to. Hacktivists are not in it to make money. Their goal is to promote a personal or organizational agenda, or to effect social change. Basically, a hacktivist wants to make a point that networks and computers are not impervious to their attacks.


Ethical hackers: An ethical hacker, sometimes called a security researcher, will work to find and exploit a vulnerable piece of technology. These individuals often identify a software or hardware flaw and inform the vendor that something needs a patch.  

What tools are they using?

Software, in the form of executable code or a script, that has been programmed to break into a network or computer, whether to cause harm or not, has many names and forms. The overarching term for this is “malware,” which is shorthand for “malicious software.”


Malware essentially activates itself once it gains entry through a vulnerability. The code itself has many names and variants, including virus, worm, ransomware, adware, and Trojan horse. A bug, on the other hand, is a flaw that made its way into existing software or hardware through the engineers who programmed it.

What happens after an account has been compromised?

The term “data breach” is often used as a catch-all for any kind of disruption. From a legal perspective, however, what it’s called makes a significant difference.


Security event: This is when something has occurred that presents a security risk with any degree of severity. Essentially, it’s a noticeable change in the typical behavior of a network, system, process, or computer. It can range from a normal event that does not require a response, to an emergency event which requires immediate action. 


Security incident: The difference between an event and an incident is human. An incident is something that can be determined to be caused by a person or group of people. An incident can become a serious situation when it is determined that there is malicious intent behind it. For example, when there is a defect or flaw, there may be a technical failure as a result. This is a random event, and not an intended, malicious one. 


Data breach: This is a type of security incident where sensitive information has been exposed and stolen due to unauthorized access. An organization that has suffered a data breach is bound by regulations such as HIPAA to inform those who have been affected by the loss of their personal information such as credit card numbers or patient health information (PHI). 

Keeping hackers at bay

Nowadays, it’s not a matter of if but when a hacker will gain access to an account. Consumers can do a number of things to educate themselves, including understanding what a phishing email looks like or being diligent about hacking prevention and data security.


Updating your passwords and storing them in a secure vault while turning on dark web monitoring to alert you to a breach will allow you to proactively and reactively prevent possible damage from a hack.  
