What is a Data Breach?
What is a data breach?
Data breaches are the leakage of an organization's sensitive information, including customer personally identifiable information (PII), intellectual property, and other sensitive data.
While not every data breach is large enough to make the news, they happen on a daily basis. In fact, since 2005, an average of nearly 2 data breaches have occurred each day, and the rate is accelerating.
Types of data breaches
The popular conception of a data breach is that an outside attacker gains access to an organization's systems and steals their data.
While many data breaches do happen this way, this is not the only type of data breach or even the most common.
In fact, 69% of organizations have experienced a data breach due to an insider threat.
An insider can place an organization's data at risk in a number of different ways, including:
- Departure: Departing employees commonly take corporate data with them to their next role. In fact, one-third of employees say that people commonly do this. These data breaches are rarely reported because many organizations lack the data visibility needed to even know that they have occurred.
- Negligence: Employee negligence is another commonly overlooked source of data breaches. Employees place data at risk of exposure by storing it in insecure cloud data storage, losing laptops, mobile phones or other storage media, inappropriately CC'ing someone on an email, and similar actions. While these actions are not performed out of malice, they place the company and its data at risk.
- Exploitation: Phishing and other social engineering attacks are often targeted at gaining access to sensitive data. If an employee falls for the pretext, they can take actions that place sensitive data at risk.
- Malice: Disgruntled employees can deliberately take actions to hurt a company. This can include stealing and leaking sensitive internal data.
Data breaches come in a variety of different forms. However, all of them boil down to a failure to monitor and secure internal data in a way that prevents it from being leaked or placed at risk of exposure.
Who is typically targeted for data breaches?
Many organizations believe that they are not a risk of cyberattacks because they are "too small for cybercriminals to bother" or "don't have anything that an attacker would want". This isn't true for cyberattacks in general or data breaches in particular.
Big organizations are common targets of cybercriminals due to their rich troves of sensitive data, and these breaches make the news for the same reason. However, big companies are not the only ones that suffer from data breaches.
In fact, 76% of IT leaders say that their organizations have lost sensitive data in a data breach.
Any organization can be targeted for data breaches. While big companies are prime targets, cybercriminals also like taking advantage of low-hanging fruit.
If an automated scanner can find an unsecured cloud repository, a web application has an SQL injection vulnerability, or an employee falls for a phishing scam, the cyberattacker won't turn down the opportunity because the leaked dataset is "too small".
How and why do data breaches happen?
Data breaches occur when a cyberattacker gains access to an organization's data.
This can happen by taking advantage of access to an organization's network and systems or identifying data that is accidentally exposed where it is accessible to the public (like cloud storage).
Some of the main ways a data breach can occur include:
- Lost/Stolen Credentials: Compromised credentials are an invaluable tool for a cybercriminal looking to carry out a data breach. With access to an employee's credentials, an attacker can log into their account and take advantage of their legitimate access to steal sensitive data. Credentials for SaaS solutions like Office 365 and G Suite are a common target due to the amount of valuable data stored in email and cloud-based storage and the opportunity to phish other employees using the compromised internal email.
- Lost/Stolen Equipment: A lost or stolen laptop, mobile phone, or USB drive can be a treasure trove of sensitive information. For example, in 2018, a USB drive was found in Heathrow airport that detailed the security protocols and plans for the Queen's travel. In the wrong hands, this data breach could have led to a kidnapping or an assassination.
- Social Engineering Attacks: Social engineering attacks, like phishing, are designed to trick someone into taking actions that hurt them and/or their organization. These attacks can be designed to steal sensitive data directly or to gain access to credentials that can be used for second-stage attacks.
- Insider Threats: Insider risk is one of the leading causes of data breaches. As mentioned earlier, insiders can place an organization's sensitive data at risk in a number of different ways.
- Vulnerability Exploits: Web application vulnerabilities are a major target of cybercriminals. These applications are publicly accessible and are connected to databases full of sensitive information that an attacker may be able to access with a successful exploit.
- Malware Infections: Malware can carry out a data breach in a number of different ways. Malware can attempt to gain direct access to sensitive databases and send the information to the attacker or attempt to steal user credentials that the attacker can use directly.
- Physical POS Attacks: Point of Sale (POS) devices like credit card readers and ATMs are targeted by both physical and virtual skimming attacks. In both cases, the attacker reads the information off of credit cards inserted into the machine, enabling them to use or steal the breached financial information.
- Credential Stuffing: Employees commonly use weak or reused passwords on their personal and business accounts. Credential stuffing attacks test common and breached passwords to see if they can guess a user's credentials and gain access to their accounts.
- Lack of Encryption: Internet traffic is routed over untrusted infrastructure, which makes it potentially vulnerable to eavesdropping. If encryption - in the form of SSL/TLS - is not used, an eavesdropper may be able to read sensitive information included in a user's traffic.
- Misconfigured Web App or Server: Misconfigurations can be as damaging to a web app or server as software vulnerabilities. In 2019, Capital One experienced a massive data breach that took advantage of a misconfigured web application firewall (WAF) to access and steal data from the organization's AWS deployment.
How to prevent a data breach
Data breaches can be carried out in so many ways that trying to close down the initial attack vector is like playing Whack-a-Mole. Instead, organizations should focus on denying an attacker access to the target of the attack: the sensitive data in their care.
One of the primary enablers of data breaches is that many organizations have no idea what data they have, where it is, and what people are doing with it. Achieving visibility into data and data flows is a crucial step in preventing data breaches.
If an organization can detect and quickly respond to activities that place their data at risk of exposure, then data breaches become much more difficult to perform, regardless of the technique used.
Users can also contribute to an organization's efforts to protect itself against data breaches. Many data breaches involve an insider, whether via negligence, data theft, or falling for a phishing attack. An intentional effort to consider the potential risks of an action before performing it can go a long way towards improving personal and professional data security.