What is a data breach and 6 steps to protecting your data
A data breach is defined by Wikipedia as “the intentional or unintentional release of secure or private/confidential information to an untrusted environment.”
Data breaches take many different forms. Some are caused by something as simple as accidental improper sharing or misconfigured security settings, and never result in the data actually being used; this can be thought of more as “data exposure”. A data breach can also be caused by a calculated, malicious act to gain information that can be used for profit. These types of attacks commonly target personally identifiable information (PII) such as social security numbers, payment card industry (PCI) data, a.k.a. credit card information, and/or trade secrets.
It’s worth noting that a data breach and data loss are two different types of risk. However, a data breach can lead to data loss. This is particularly true in the perimeter-less world in which organizations that use cloud applications now operate.
In this article, we will use the term data loss prevention as a way to prevent a data breach. It can certainly be argued that these are two different types of risks that need different security approaches. It is our stance that, in today’s cybersecurity environment, a data-first approach to security is necessary.
3 Causes of a Data Breach
There are three common causes of a data breach: accidental, internal criminal, and external criminal.
1. Accidental Data Breach
Accidents happen. Data breaches due to accidental or non-malicious actions are the most common data breaches. Particularly as cloud computing and BYOD drive workplace productivity, organizations are becoming more susceptible to accidental data breaches.
For example, we see cases where employees accidentally set a document’s sharing setting to “visible to the public”. In this case, anyone could, in theory, find the document and see the information it contains. When this happens, it’s usually unlikely that the document was actually accessed by outside viewers. But it’s not entirely out of the question, and it’s certainly not ideal to have documents and information accidentally floating around in public.
Accidental data breaches can also occur when a device is lost or stolen. When an employee forgets their phone on the bus, any access granted on that device is effectively granted to whoever finds the device and decides to use it. There have unfortunately been several cases of lost or stolen hardware being used to access sensitive information.
2. Internal Criminal Data Breach
Data breaches that are caused by an internal “bad actor” are notoriously difficult to detect, and are an increasing concern. Data breach cases involving disgruntled employees and bribery schemes make data loss prevention even more difficult for IT teams.
In many cases, these types of data breaches involve employees who steal data as they leave the company. In one such case, a K-12 school district IT contractor stole a database containing information about 70,000 people when she found out she was fired. The files were stored in the cloud, and she was able to access them remotely before school officials could close her account.
In another case, AT&T employees were caught taking bribes to infect the company’s network with malware. This malware was used to collect data on the company’s internal infrastructure using keylogging. The scheme also included unlocking devices and installing “rogue wireless access points” in AT&T’s network. AT&T reportedly estimates that it lost more than $5 million in revenue each year, over at least a four-year period.
In perhaps one of the most high-profile recent cases of trade secret theft, ex-Googler Anthony Levandowski was charged with 33 counts of theft and attempted theft of trade secrets. The charges seem to stem from a lawsuit filed in 2018 by Waymo, the self-driving division of Alphabet, alleging that Levandowski stole 14,000 documents containing trade secrets around Google’s self-driving car technology.
The moral of each of these stories is that companies and organizations of all types can’t be too careful when it comes to monitoring for data breaches. We tend to think of data breaches as something that only happens to financial companies, like Equifax and Capital One. And that they only come from the outside. But, insider data breaches are destructive—and are on the rise.
3. External Criminal Data Breach
Data breaches from external hackers are the most widely discussed and feared in the cybersecurity world, and with good reason. While employee negligence is the biggest cybersecurity risk, email continues to be the biggest phishing and malware threat vector.
Cybercriminals outside of your organization want to gain access to your information for one reason—to make money. This can be accomplished in a number of ways, with ransomware and selling data on the dark web being the two most common.
These types of data breaches cause significant trouble for companies. On average, a data breach will cost a company $3.92 million. For smaller organizations, a hit of this magnitude could be fatal. Not only are there remediation and compliance costs associated with a data breach; there is also the cost to the company’s reputation, goodwill, and brand.
Account takeovers (also referred to as account hijacking) are an increasing concern for information security teams. This is because an account takeover can make an external data breach look just like authorized internal access. Account takeovers are notoriously difficult to detect, and can go on for months and even years before they are detected.
As the workforce becomes more mobile and remote, detecting and remediating account takeovers is a major focus for companies of all sizes. In the good old days, employees were all in an office, and those who travelled were required to access the network via a VPN. With the rising popularity of cloud computing, the company network perimeter is all but dead. New data loss prevention methods need to be used for new challenges.
Types of Data Targeted
Four types of data are typically targeted by cyber criminals—both internal and external. These include payment card industry (PCI) information, personally identifiable information (PII), intellectual property (including trade secrets and proprietary information), and business financial data.
PCI and PII data breaches can impact customers, employees, and the business itself. The human and financial toll that customers and employees experience as the result of a data breach and identity theft are one and the same. It doesn’t matter if they are working for you or not, they still have to deal with the impacts of the breach.
Business information such as intellectual property and financial information impacts the company more directly than the stakeholders involved. Of course, it means financial impacts in the form of lost revenue, strategic advantage, innovation, etc. While larger companies can weather such an event, small and mid-sized organizations with fewer financial and legal resources end up struggling to survive.
How to Prevent a Data Breach
Preventing a data breach on a day-to-day basis is difficult, and building an information security and incident response team is worth every penny. When thinking about how to prevent data loss, most people think in terms of data loss prevention tools. But data loss prevention is much bigger than software alone. From a broad view, there are six simple steps your organization can take to improve data loss prevention.
6 Steps to Better Data Loss Prevention
1. Back up your data
2. Set up DLP policies and processes
3. Use data loss prevention software
4. Monitor for improper use of data (both internal and external)
5. Monitor for account takeover behavior
6. Regularly audit for data breach risks
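To make the two monitoring steps concrete, here is an added example (not code from the original article or from any DLP product) showing the kind of checks a security team might run over a cloud application’s audit log: documents whose sharing setting was flipped to public (the accidental exposure case described earlier), logins for the same account from two countries within a short window (a simple account takeover indicator), and a burst of downloads by one user. The event list, field names (`ts`, `user`, `type`, `doc`, `visibility`, `country`) and thresholds are all constructed for this example; a real export would need its own field mapping.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (hypothetical data, not from any real tenant).
# Each dict mimics one row of a cloud-app audit log export.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T08:00:00", "user": "alice@example.com", "type": "login",
     "country": "US"},
    {"ts": "2024-03-01T08:05:00", "user": "alice@example.com", "type": "share",
     "doc": "Q1-forecast.xlsx", "visibility": "domain"},
    {"ts": "2024-03-01T08:20:00", "user": "bob@example.com", "type": "share",
     "doc": "customer-list.csv", "visibility": "public"},
    {"ts": "2024-03-01T09:00:00", "user": "carol@example.com", "type": "login",
     "country": "US"},
    {"ts": "2024-03-01T09:30:00", "user": "carol@example.com", "type": "login",
     "country": "RO"},
    {"ts": "2024-03-01T09:31:00", "user": "carol@example.com", "type": "download",
     "doc": "payroll-2023.pdf"},
    {"ts": "2024-03-01T09:32:00", "user": "carol@example.com", "type": "download",
     "doc": "board-minutes.docx"},
    {"ts": "2024-03-01T09:33:00", "user": "carol@example.com", "type": "download",
     "doc": "customer-list.csv"},
    {"ts": "2024-03-01T14:00:00", "user": "alice@example.com", "type": "login",
     "country": "US"},
]

# Visibility values treated as "anyone outside the organization can read it".
PUBLIC_VISIBILITIES = {"public", "anyone_with_link"}


def _parse(events):
    """Return a copy of the events sorted by time, with a datetime under 'when'."""
    parsed = [dict(e, when=datetime.fromisoformat(e["ts"])) for e in events]
    return sorted(parsed, key=lambda e: e["when"])


def find_public_shares(events):
    """(user, document) pairs where a sharing setting became public (step 4)."""
    return [(e["user"], e["doc"]) for e in events
            if e["type"] == "share" and e.get("visibility") in PUBLIC_VISIBILITIES]


def find_impossible_travel(events, window=timedelta(hours=2)):
    """Accounts that logged in from two different countries within `window` (step 5).

    A crude account-takeover heuristic: the account, not necessarily the
    person, appears to be in two places at once. Returns (user, from, to).
    """
    last_login = {}  # user -> (when, country) of the most recent login seen
    hits = []
    for e in _parse(events):
        if e["type"] != "login":
            continue
        prev = last_login.get(e["user"])
        if prev and prev[1] != e["country"] and e["when"] - prev[0] <= window:
            hits.append((e["user"], prev[1], e["country"]))
        last_login[e["user"]] = (e["when"], e["country"])
    return hits


def find_bulk_downloads(events, threshold=3, window=timedelta(minutes=10)):
    """Users with at least `threshold` downloads inside any `window` (step 4)."""
    per_user = defaultdict(list)
    for e in _parse(events):
        if e["type"] == "download":
            per_user[e["user"]].append(e["when"])
    flagged = []
    for user, times in per_user.items():
        start = 0  # sliding window over the time-sorted download timestamps
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(user)
                break
    return flagged


def triage(events):
    """Run all three checks and return the findings as one report dict."""
    return {
        "public_shares": find_public_shares(events),
        "impossible_travel": find_impossible_travel(events),
        "bulk_downloads": find_bulk_downloads(events),
    }


if __name__ == "__main__":
    for check, findings in triage(SAMPLE_EVENTS).items():
        print(f"{check}: {findings}")
```

Each finding is a starting point for an analyst, not proof of a breach: a public share may be intentional, a two-country login may be a VPN, and a download burst may be a legitimate backup. The value of the checks is that they turn “monitor for improper use” into a concrete, repeatable query that can be tuned against the organization’s own baseline.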