A data breach exposes confidential, sensitive, or protected information to an unauthorized person. The files in a data breach are viewed and/or shared without permission.
Who Causes Data Breaches
The assumption is that a data breach is caused by an outside hacker, but that's not always true. A data breach can also occur in the following ways:
- An Accidental Insider: An example would be an employee using a co-worker's computer and reading files without having the proper authorization permissions. The access is unintentional, and no information is shared. However, because it was viewed by an unauthorized person, the data is considered breached.
- A Malicious Insider: This person purposely accesses and/or shares data with the intent of causing harm to an individual or company. The malicious insider may have legitimate authorization to use the data, but the intent is to use the information in nefarious ways.
- Lost or Stolen Devices. An unencrypted and unlocked laptop or external hard drive — anything that contains sensitive information — goes missing.
- Malicious Outside Actors: These are hackers who use various attack vectors to gather information from a network or an individual.
Methods Used to Breach Data
Although a data breach can be the result of an innocent mistake, real damage is possible if the person with unauthorized access steals and sells Personally Identifiable Information (PII) or corporate intellectual data for financial gain or to cause harm.
Malicious actors tend to follow a basic pattern, as targeting an organization for a breach takes planning. They research their victims to learn where the vulnerabilities are, such as missing or failed updates and employee susceptibility to phishing campaigns. Once they know a target's weak points, they develop a campaign to get insiders to mistakenly download malware, or they go after the network directly. Once inside, malicious actors have the freedom to search for the data they want — and lots of time to do it, as the average breach takes more than five months to detect.
Common attack methods used by malicious actors include the following:
- Stolen Credentials: The vast majority of data breaches are caused by stolen or weak credentials. If malicious actors have your username and password combination, they have an open door into your network. Because most people reuse passwords, cyber criminals can gain entrance to email, websites, bank accounts, and other sources of PII or financial information.
- Compromised assets: Various malware attacks are used to negate regular authentication steps that would normally protect a computer.
- Payment Card Fraud: Card skimmers attach to gas pumps or ATMs and steal data whenever a card is swiped.
- Third-party access. Although you may do everything possible to keep your network and data secure, malicious actors could use third-party vendors to make their way into your system.
- Mobile Devices: When employees are allowed to bring their own devices (BYOD) into the workplace, it's easy for unsecure devices to download malware-laden apps that give hackers to data stored on the device. That often includes work email and files as well as the owner's PII.
The Damage a Data Breach Can Do
A data breach can have a devastating effect on an organization's reputation and financial bottom line. Mention organizations such as Equifax, Target, or Yahoo, for example, and what do you think about? Today, many people associate those companies with a data breach rather than their actual business operations.
A few best practices to avoid a data breach include the following:
- Patching and updating software as soon as options are available
- ENCRYPTION for sensitive data
- Upgrading when software is no longer supported by the manufacturer
- Enforcing BYOD security policies
- Enforcing strong credentials and multi-factor authentication
- Educating employees on best security practices and ways to avoid socially engineered attacks
Common wisdom suggests all organizations could face an attack at some point. The goal is to keep attempts from turning into a data breach. Understanding how and why data breaches happen is a first line of defense.