What is a Security Breach?

Generally, the terms 'security breach' and 'data breach' are used interchangeably. However, if we split hairs, they are related but not the exact same thing.

A security breach precedes an actual data breach. During the security breach, an attacker bypasses, organizational cyber security deployed at places like endpoints, the network perimeter and data center and cloud. This breach gets the attacker initial access within a corporate network.

However, this can't be considered a full scale 'data breach' until the attacker moves laterally inside an environment to reach sensitive data and then steals or exfiltrates the information. Much of this information can then be sold on the dark web for profit.

What is involved in a Breach

Now that we have discussed what security and data breaches are, it's time to take a look at some of the elements that are involved in or can lead to a security or data breach.

Employee Error

Employee error is one of the leading causes of security breaches. 47% of business leaders have stated that human error has been responsible for loss of documents and applications. They cite employee carelessness as having caused a data breach at their company.

This error could come in the form of unsecured files and folders, accidentally leaving documents open, overgenerous file and data sharing permission, sharing or emailing files with the wrong person or location, and security tools incorrectly configured that left data exposed.

The best way to prevent these types of breaches is to train employees in the handling of sensitive data.

Malware

Malware is also commonly used as part of attacks that ultimately steal data. Cybercriminals may rely on malware that is installed to steal credentials or ransom corporate computers.

A lot of the time, employees accidentally install malware onto computers by opening a phishing email. They also may download malware disguised as a legitimate application.

Most malware infects not only the computer it initially infects, but is designed to move laterally to infect them but the other computers on the network as well. This makes it easy for information to be stolen at multiple points in the network.

Phishing

Email impersonation of other individuals or organizations is another way that hackers gain access to a company to then steal data. This is generally known as 'phishing.'

Attackers target employees with legitimate-looking emails from seemingly trustworthy sources. When the employee opens the email or email attachment, or clicks on a URL, this triggered a malware infection on the employee’s computer, which is the first step in a data breach.

One of the most common uses of phishing is to obtain financial information. Many of these messages are marked 'urgent' and make the reader think that they must update their payment information in order to get paid or remain employed. Make sure that your employees are able to spot phishing emails so that you don't pay the price.

How to Prevent a Breach

Beyond educating your employees on how to secure data and how to spot phishing when it happens, there are a few more measures that you must take to prevent breaches.

What to Do in the Aftermath

Let's say that, despite your preparations, a security breach does take place. What's next?

Here are some of the things that you need to do:

• Ensure attackers and attack backdoors have been discovered and removed
• Assess the damage that the breach has caused
• Figure out what information was lost or stolen
• Try to get data back using recent backups
• If necessary, report lost and stolen information (especially financial and SSN information)
• Understand needed updates to exisiting security tools and processes

While a security breach can cause untold amounts of harm, taking these measures will help to stunt some of the damages.