Educating your security team members about the threats they are going to encounter helps them in detecting and eliminating said threats. The annual Data Breach Investigations Report (DBIR) of 2016 by Verizon lists the following as the 9 most commonly used methods used by cyber attackers:
1) Attacks via Web Apps
With entire productivity suites now available for application development, it is not uncommon for somebody to use such apps for corrupt agendas. IBM Security Ethical Hacking Team along with Open Web Application Security Project (OWASP) have built this list of The 10 Most Common Application Attacks in Action, with videos for educational purposes.
2) POS Intrusions
Point-of-sale (POS) malware is a software expressly written to steal payment data (mostly credit card data) from retail checkout systems. The attacker can penetrate databases where the data is stored or seize the data at the POS.
3) Cyber-Espionage
This is the act of committing "cyber-spying" wherein the attacker keeps a tab on your classified or personal information and uses it against you for their own means.
4) Misuse of Privilege
Employees with privileged access to sensitive information need to be held accountable for the misuse of their authorizations.
5) Payment Card Skimmers
Payment card skimmers are magnetic strips that can be attached to your credit/debit card without hampering its functionality. The attacker can then retrieve your valuable, personal information on their device each time you swipe or use your card.
6) Denial of Service
Denial-of-Service (DOS) attacks are designed to flood a victim’s network with useless traffic. Commonly noted attacks have been Ping of Death and Teardrop attacks.
7) Crimeware
Any application on the web designed expressly to facilitate illegal activity online is called crimeware. Popular categories among crimeware are spywares, browser hijackers, keyloggers, and phishing kits.
8) Physical Theft/Loss
Securing access points of sensitive data containing storage material will ensure your data doesn’t leave your premises without authorization.
9) Miscellaneous Errors
Miscellaneous errors can include adverse conditions like hurricanes, landslides, power outages, or accidental human errors.
