What Is a Security Breach?
A beginner's guide to security breaches
Many of us have experienced it at one time or another – we go to log into an online account only to discover that we’ve been hacked. We’ve lost access, and there’s a good chance that at least some of our sensitive, personal data is now in unknown hands. But data theft doesn’t just happen to individuals; often, businesses and other organizations are the victims of corporate security breaches.
A security breach is when an attacker circumvents organizational security controls to illicitly access and steal corporate data.
Security breaches can be unintentional in some situations. Sometimes, employees will accidentally leak information to third-party sources by failing to secure devices, allowing cookies on a machine, or downloading information incorrectly. However, security breaches are usually the result of intentional action by dedicated attackers.
Attackers target many types of sensitive – and valuable – information in a security breach. Some of the most common types of targeted data include credit-card or social-security information, account data, corporate financial and legal records, or patient healthcare data (PHI or PII).
As you may imagine, security breaches can be incredibly costly for the organization that has been victimized. There are many direct costs, including investigating the source of the breach and remediating and rectifying damage. There are also many indirect costs, like reputational damage, the need to update cyber security tools, and the costs associated with assisting employees or customers that were impacted.
Security Breach Explained
Is a Security Breach also a Data Breach?
Generally, the terms 'security breach' and 'data breach' are used interchangeably. However, if we split hairs, they are related but not the exact same thing.
A security breach precedes an actual data breach. During the security breach, an attacker bypasses the organizational cyber security deployed at endpoints, at the network perimeter, within data centers, and in the cloud. This breach gives the attacker initial access to a corporate network.
However, this can't be considered a full-scale 'data breach' until the attacker moves laterally inside the environment to reach sensitive data and then steals or exfiltrates that information. Much of this information can then be sold on the dark web for profit.
What Is Involved in a Security Breach?
Now that we have discussed what security and data breaches are, it's time to take a look at some of the elements that are involved in, or can lead to, a security or data breach.
Employee error is one of the leading causes of security breaches. 47% of business leaders have stated that human error has been responsible for loss of documents and applications. They cite employee carelessness as having caused a data breach at their company.
This error could come in the form of unsecured files and folders, accidentally leaving documents open, overgenerous file- and data-sharing permissions, sharing or emailing files with the wrong person or location, and incorrect security-tool configurations that leave data exposed.
The best way to prevent these types of breaches is to train employees in the handling of sensitive data.
Malware is also commonly used as part of attacks that ultimately steal data. Cybercriminals may rely on malware that is installed to steal credentials or ransom corporate computers.
A lot of the time, employees accidentally install malware onto computers by opening an unverified email. They also may download malware disguised as a legitimate application.
Most malware not only infects the computer of the person who initially downloads it but is also designed to move laterally and infect other computers on the network. This makes it easy for information to be stolen at multiple points in the network.
Email impersonation of other individuals or organizations is another way that hackers gain access to a company to then steal data. This is generally known as 'phishing.'
Attackers target employees with legitimate-looking emails from seemingly trustworthy sources. When the employee opens the email or email attachment, or clicks on a URL, this triggers a malware infection on the employee’s computer, which is the first step in a data breach.
One of the most common uses of phishing is to obtain financial information. Many of these messages are marked 'urgent' and make the reader think that they must update their payment information in order to get paid or remain employed. Make sure that your employees are able to spot phishing emails so that you don't pay the price.
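The passages above describe what makes a phishing email "legitimate-looking": a trusted-sounding sender, urgent wording, and a link whose visible text does not match where it really goes. The following script is an added example, not code from the original article, showing how a mail gateway or helpdesk tool can surface those indicators for triage. It uses only the Python standard library; the two sample messages and their domains are constructed for illustration, and the urgency word list is an assumed starting point rather than a standard.

```python
"""Flag common phishing indicators in an e-mail message (defensive triage helper).

Added example, not part of the original article.  Standard library only.
Both sample messages below are constructed; the domains in them are examples.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed starting list of pressure phrases; tune to your own mail traffic.
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify your", "update your payment")


class LinkCollector(HTMLParser):
    """Collect (href, visible_text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude 'example.com' from 'mail.example.com' (assumes a two-label registrable domain)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def domain_of_url(text):
    """Registered domain of a URL, address or bare hostname found in text, else None."""
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text, re.I)
    return registered_domain(m.group(1)) if m else None


def phishing_indicators(raw_message):
    """Return human-readable indicator strings for an RFC 822 message (empty list = none found)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = registered_domain(from_addr.split("@")[-1]) if "@" in from_addr else None

    # 1. An address or domain embedded in the display name that is not the real sending domain.
    name_domain = domain_of_url(display_name)
    if name_domain and from_domain and name_domain != from_domain:
        findings.append(f"display name mentions {name_domain} but sender domain is {from_domain}")

    # 2. Replies are routed somewhere other than the From domain.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if "@" in reply_addr and from_domain:
        reply_domain = registered_domain(reply_addr.split("@")[-1])
        if reply_domain != from_domain:
            findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 3. Pressure wording in the subject line.
    subject = msg.get("Subject", "").lower()
    for word in URGENCY_WORDS:
        if word in subject:
            findings.append(f"urgency wording in subject: '{word}'")
            break

    # 4. Link text shows one domain while the href goes to another.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            href_domain = registered_domain(urlparse(href).hostname or "")
            text_domain = domain_of_url(text)
            if text_domain and href_domain and text_domain != href_domain:
                findings.append(f"link text shows {text_domain} but points to {href_domain}")
    return findings


# Constructed sample: every indicator above is present.
SAMPLE_MESSAGE = """\
From: "payments@examplebank.com" <alerts@examplebank-notice.net>
Reply-To: <collect@mailbox-example.org>
Subject: URGENT: update your payment details today
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your account will be suspended. Please sign in at
<a href="http://examplebank-notice.net/login">https://www.examplebank.com/login</a></p>
</body></html>
"""

# Constructed sample: a routine notice with consistent sender and links.
BENIGN_MESSAGE = """\
From: "Example Bank" <alerts@examplebank.com>
Subject: Your monthly statement is ready
Content-Type: text/html; charset=utf-8

<html><body><p>View it at <a href="https://www.examplebank.com/statements">www.examplebank.com</a></p></body></html>
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SAMPLE_MESSAGE), ("benign", BENIGN_MESSAGE)):
        print(label, phishing_indicators(raw) or "no indicators")
```

The checks are deliberately simple heuristics for awareness and triage, not a spam filter: a message that trips several of them is worth a second look, while a clean result proves nothing. A production gateway would add SPF/DKIM/DMARC results and a real public-suffix list in place of the two-label `registered_domain` approximation.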
How to Prevent a Security Breach
Beyond educating your employees on how to secure data and how to spot phishing emails and malware, there are a few more measures that you must take to prevent breaches. Here are seven actions you can take to reduce your risk:
- Restrict access: Even honest, trusted employees can accidentally leave the door open for attackers. Keep careful track of who has access to sensitive data, and don’t allow employees to remain ‘logged in’ to important networks.
- Keep up with updates: Tools and platforms from third-party vendors are regularly updated to counter newly discovered weaknesses and attack vectors. Make a point to regularly download and install patches on any systems that require them. Likewise, make sure that your network antivirus software is always up to date.
- Be smart about passwords: An easy-to-guess password is like an open invitation to cybercriminals. Make sure that everyone using company hardware or accessing company networks uses a unique, hard-to-guess password; including upper- and lowercase letters, special characters, and numbers can make a big difference.
- Secure your router: An unsecured network gives thieves a remote backdoor to your data. Enable encryption on all of your wireless traffic, and make sure that your router is sufficiently password locked.
- Back up your data: Some criminals want to copy your data and sell it. While this is certainly something you want to prevent, there are others who simply wish to damage or alter your sensitive data. Creating regular data backups can help ensure that, in the event of a security breach, you won’t lose vital information you and your customers depend on.
- Establish and enforce data-safety procedures: There are a number of best practices when it comes to safeguarding organizational and customer data, but if your business doesn’t use them, they can’t help you. Work with IT to draft comprehensive data-safety procedures and security-breach defenses, and train all of your employees to use them.
- Perform regular security audits: Vulnerability assessment and security audits allow you to discover weaknesses in your network, before they get used against you. Schedule regular audits, at least one per quarter, and prioritize the most glaring security issues for immediate remediation.
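The "Restrict access" and "Perform regular security audits" items above, together with the earlier mention of unsecured files and overgenerous sharing permissions, come down to a question you can answer with a script: which files can more people read or change than should be able to? The following audit is an added example, not code from the original article. It walks a directory tree and flags world-writable entries, secret-looking files readable by others, and setuid/setgid executables. It uses POSIX permission bits (Linux/macOS), the sample tree it builds is constructed for illustration, and the list of "sensitive" filename patterns is an assumed starting point.

```python
"""Audit a directory tree for the over-broad file permissions the article warns about.

Added example, not part of the original article.  POSIX permission bits only
(Linux/macOS).  The tree from build_sample_tree() is constructed for illustration
and SENSITIVE_PATTERNS is an assumed starting list, not a standard.
"""
import os
import stat
import tempfile
from fnmatch import fnmatch

# Assumed: filenames that usually hold secrets and should never be readable by 'other'.
SENSITIVE_PATTERNS = ("*.key", "*.pem", "*.env", "*password*", "*secret*", "id_rsa")


def classify(path, st):
    """Return issue strings for one file or directory given its os.stat result."""
    mode = st.st_mode
    issues = []
    # World-writable, except sticky directories such as /tmp where that is intended.
    if mode & stat.S_IWOTH and not (stat.S_ISDIR(mode) and mode & stat.S_ISVTX):
        issues.append("world-writable")
    name = os.path.basename(path)
    if stat.S_ISREG(mode) and any(fnmatch(name, p) for p in SENSITIVE_PATTERNS):
        if mode & stat.S_IROTH:
            issues.append("sensitive file readable by everyone")
        elif mode & stat.S_IRGRP:
            issues.append("sensitive file readable by group")
    if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
        issues.append("setuid/setgid bit set")   # runs with a different identity
    return issues


def audit_permissions(root):
    """Walk root and return sorted (relative_path, issue) pairs; symlinks are skipped."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue
            for issue in classify(full, st):
                findings.append((os.path.relpath(full, root), issue))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed sample tree under a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    for sub in ("shared", "config", "bin"):
        os.makedirs(os.path.join(root, sub))
        os.chmod(os.path.join(root, sub), 0o755)   # explicit, so umask does not matter
    samples = {
        "shared/report.txt": 0o666,       # world-writable document
        "config/db_password.txt": 0o644,  # secret readable by everyone
        "config/api.key": 0o640,          # secret readable by group
        "config/tls.pem": 0o600,          # correctly locked down
        "bin/helper": 0o4755,             # setuid executable
    }
    for rel, mode in samples.items():
        full = os.path.join(root, rel)
        with open(full, "w") as fh:
            fh.write("constructed sample content\n")
        os.chmod(full, mode)
    return root


if __name__ == "__main__":
    for path, issue in audit_permissions(build_sample_tree()):
        print(f"{path}: {issue}")
```

Point `audit_permissions()` at a real share or configuration directory and feed the output into a ticket for each owner; on a quarterly audit the useful signal is the diff against the previous run, not the raw list. Note that this covers only local permission bits; access granted through cloud sharing links or directory groups needs the same review in that system's own access reports.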
What to Do in the Aftermath
Let's say that, despite your preparations, a security breach does take place. What's next?
Here are some of the things that you need to do:
- Ensure attackers and attack backdoors have been discovered and removed
- Assess the damage that the breach has caused
- Figure out what information was lost or stolen
- Try to get data back using recent backups
- If necessary, report lost and stolen information (especially financial and SSN information)
- Understand needed updates to existing security tools and processes
While a security breach can cause untold amounts of harm, taking these measures will help to mitigate some of the damages.
Learn more about implementing a micro-segmentation security strategy with our eBook, "Secure Beyond Breach."