How Data Breaches Occur
The definition of a data breach is simple. An organization is considered to have suffered a data breach if sensitive information is accessed or retrieved, intentionally or unintentionally, by an unauthorized individual, group, or software system. Most organizations divide sensitive information into three categories.
1. Personal information
2. Business information
3. Government-classified information
Another factor in defining a data breach is what unauthorized users do with the sensitive information. In some cases, it is leaked or exfiltrated, meaning the data is copied or transmitted without authorization while the source data is left unaffected.
In other instances, data breaches result in the loss of data, such as with ransomware attacks, where the data is encrypted to prevent the data owner from accessing it.
The definition of a data breach also has nuance. A breach can be benign or malicious, and it can originate inside or outside an organization. For instance:
- An insider who accidentally accesses sensitive information that is beyond their privileges or discloses sensitive information inadvertently
- A malicious insider seeking to steal from or deliberately harm an organization
- An external attack by cybercriminals
What Is a Data Breach?
A data breach is when an unauthorized user gains access to sensitive information. This can allow cybercriminals to steal financial information, identities, and other personal data.
Sensitive information that is stolen in a data breach is usually sold to other criminals who can exploit that data for illicit purposes. Examples of sensitive information are:
- Biometric information
- Date and place of birth
- Home phone number
- Mailing address
- Medical data
- Passport numbers
- Personally identifiable information (PII)
- Social security numbers
What Is a Data Breach Categorization Model?
A categorization model can help in understanding what a data breach is. One approach breaks data breaches into two groups: how they were perpetrated and the type of target.
Several data breach attack types are:
- Insider threats
- Password guessing
- Physical attack
- Recording keystrokes
- SQL Injection
- Stolen credentials
Examples of data breach target types are:
- Energy and utility companies
- Financial services—e.g., banking, insurance, investment firms
- Healthcare services and providers
- Small and medium-sized businesses
How Does a Data Breach Occur?
There are many ways that a data breach can occur. Regardless of how it happens, one important consideration is that data owners and users of a breached system or network do not always know immediately that it has occurred.
Often, a data breach goes undetected because the cybercriminal covers their tracks, making the breach difficult to discover until the compromised data is used for illicit purposes. The following is a review of how a data breach occurs in most organizations.
- Unintentional data breach
  Occurs when a legitimate user accidentally does something that leads to the breach. Examples include a user who:
  - Accesses unsecured websites
  - Connects to an unsecured Wi-Fi network
  - Falls for a social engineering scam
  - Loses hardware with sensitive data (e.g., laptop, hard drive, mobile phone)
  - Provides someone else access to their login credentials
  - Shares sensitive information
- Intentional data breach
  Occurs when a cybercriminal, or malicious insider, targets and attacks an individual’s or organization’s applications, systems, or networks for the purpose of accessing sensitive information. The types of attacks and perpetrators vary. In some cases, botnets are used to gain access to multiple computers simultaneously, increasing the scale and intensity of the attack.
- Insider threats
  Occur when an internal, sometimes authorized, user misuses sensitive data. These insiders are usually disgruntled employees, former employees who retain credentials to sensitive systems, or third parties such as partners, vendors, and service providers.
While the types of data breaches are varied, most can be traced to a vulnerability or loophole that cybercriminals use to gain access to applications, systems, or networks. Potential vulnerabilities exploited in a data breach include:
- Back doors
- Insider threats
- Lack of access controls
- Lost or stolen hardware (e.g., laptops, hard drives, mobile devices)
- Sending sensitive information to the wrong recipients
- Sharing login credentials
- Social engineering scams
- Unpatched security vulnerabilities
- User errors
- Weak login credentials
How Does a Data Breach Affect an Organization?
A data breach has serious negative effects on all organizations. However, for small- and medium-sized businesses (SMBs), a data breach can be an existential threat. Below are several of the most significant impacts of a data breach.
- Damage to brand value and reputation
- Hidden costs
- Insurance premium hikes
- Impact on finances
- Loss of intellectual property
- Lost revenue
- Negative impact on employee retention and hiring
- Online vandalism (e.g., changes to websites)
- Operational downtime
- Regulatory fines
- Risk of legal action
What Data Is Targeted by a Data Breach?
Data targeted by data breaches can reside in any organization—from small businesses to major corporations. Several types of information are targeted by a data breach, including the following.
- Financial data
  - Bank details
  - Credit card numbers
  - Financial statements
  - Tax forms
- Government records
- Intellectual property
  - Customer lists
  - Source code
  - Trade secrets
- IT security information (e.g., users’ and systems’ access credentials)
- Medical or Protected Health Information (PHI)
- Military information
- Personally Identifiable Information (PII)
How Companies Can Prevent Data Breaches
No one tool or procedure can prevent data breaches. The most effective data breach prevention strategies are based on a holistic approach that considers the entire threat landscape and attack surface, focusing on where sensitive data resides and who uses it. Among the tactical defenses to prevent data breaches are the following.
- Anti-malware software
- Data encryption
- Data lifecycle management
- Incident response plans
- Inventory management and controls
- Intrusion detection systems (IDS)
- Multi-factor authentication
- Ongoing vulnerability assessments
- Penetration testing
- Portable media usage controls
- Regular software and patch updates
- Security policies for employees and third parties
  - Computer usage controls (e.g., company assets should not be utilized for personal activities, device screens should be locked when devices are not in use)
  - Least privilege access
  - Strong passwords
- System monitoring
- Vulnerability and compliance management
Understanding “What a Data Breach Is” Is Critical for All Organizations
According to cybersecurity experts who continuously monitor trends, organizations face thousands of attacks a day from cybercriminals who are intent on accessing sensitive information. When they are successful, the organization becomes another in a long line of data breaches. The stakes are high, and no organization can afford a data breach.
Despite the persistence and sophistication of cybercriminals, organizations can put up a solid defense to deter would-be data breaches. Consider all of the angles of a data breach, the likely perpetrators, and the targeted data. Then, take a holistic approach to data security with a broad range of measures, policies, and procedures to prevent and mitigate security threats.
Last Updated: 12th May, 2022