What is a Security Breach?
A beginner's guide to a security breach
A security breach, or data breach, is when an attacker circumvents organizational security controls to illicitly access and steal corporate data.
Security breaches can be unintentional in some situations. Sometimes, employees will accidentally leak information to third-party sources by allowing cookies on a machine or downloading information incorrectly. However, security breaches are usually the result of attackers.
Attackers target many types of sensitive and valuable information in a data breach. Some of the most common types of targeted data include credit card or social security information, account data, corporate financial and legal records or patient healthcare data (PHI or PII).
As you may imagine, security breaches can be incredibly costly for the organization that has been victimized. There are many direct costs, including investigating the source of the breach and remediating and rectifying damage. There are also many indirect costs, like reputational damage, the need to update cyber security tools, and assisting employees or customers that were impacted.
Is a Security Breach also a Data Breach?
Generally, the terms 'security breach' and 'data breach' are used interchangeably. However, if we split hairs, they are related but not the exact same thing.
A security breach precedes an actual data breach. During the security breach, an attacker bypasses organizational cyber security deployed at places like endpoints, the network perimeter, the data center and the cloud. This breach gets the attacker initial access within a corporate network.
However, this can't be considered a full-scale 'data breach' until the attacker moves laterally inside an environment to reach sensitive data and then steals or exfiltrates the information. Much of this information can then be sold on the dark web for profit.
What is involved in a Breach
Now that we have discussed what security and data breaches are, it's time to take a look at some of the elements that are involved in or can lead to a security or data breach.
Employee error is one of the leading causes of security breaches. 47% of business leaders have stated that human error has been responsible for loss of documents and applications. They cite employee carelessness as having caused a data breach at their company.
This error could come in the form of unsecured files and folders, accidentally leaving documents open, overgenerous file and data sharing permissions, sharing or emailing files with the wrong person or location, and incorrectly configured security tools that leave data exposed.
The best way to prevent these types of breaches is to train employees in the handling of sensitive data.
Malware is also commonly used as part of attacks that ultimately steal data. Cybercriminals may rely on malware that is installed to steal credentials or ransom corporate computers.
A lot of the time, employees accidentally install malware onto computers by opening a phishing email. They also may download malware disguised as a legitimate application.
Most malware does not stop at the computer it initially infects; it is designed to move laterally and infect the other computers on the network as well. This makes it easy for information to be stolen at multiple points in the network.
Email impersonation of other individuals or organizations is another way that hackers gain access to a company to then steal data. This is generally known as 'phishing.'
Attackers target employees with legitimate-looking emails from seemingly trustworthy sources. When the employee opens the email or email attachment, or clicks on a URL, this triggers a malware infection on the employee’s computer, which is the first step in a data breach.
One of the most common uses of phishing is to obtain financial information. Many of these messages are marked 'urgent' and make the reader think that they must update their payment information in order to get paid or remain employed. Make sure that your employees are able to spot phishing emails so that you don't pay the price.
How to Prevent a Breach
Beyond educating your employees on how to secure data and how to spot phishing when it happens, there are a few more measures that you must take to prevent breaches.
What to Do in the Aftermath
Let's say that, despite your preparations, a security breach does take place. What's next?
Here are some of the things that you need to do:
- Ensure attackers and attack backdoors have been discovered and removed
- Assess the damage that the breach has caused
- Figure out what information was lost or stolen
- Try to get data back using recent backups
- If necessary, report lost and stolen information (especially financial and SSN information)
- Understand needed updates to existing security tools and processes
While a security breach can cause untold amounts of harm, taking these measures will help to limit some of the damage.