Many of us have experienced it at one time or another – we go to log into an online account only to discover that we’ve been hacked. We’ve lost access, and there’s a good chance that at least some of our sensitive, personal data is now in unknown hands. But data theft doesn’t just happen to individuals; often, businesses and other organizations are the victims of corporate security breaches.
A security breach is when an attacker circumvents organizational security controls to illicitly access and steal corporate data.
Security breaches can be unintentional in some situations. Sometimes, employees will accidentally leak information to third-party sources by failing to secure devices, allowing cookies on a machine, or downloading information incorrectly. However, security breaches are usually the result of intentional action by dedicated attackers.
Attackers target many types of sensitive – and valuable – information in a security breach. Some of the most common types of targeted data include credit-card or social-security information, account data, corporate financial and legal records, or patient healthcare data (PHI or PII).
As you may imagine, security breaches can be incredibly costly for the organization that has been victimized. There are many direct costs, including investigating the source of the breach and remediating and rectifying damage. There are also many indirect costs, like reputational damage, the need to update cyber security tools, and the costs associated with assisting employees or customers that were impacted.