What is Data Breach? How to Prevent Data Breach? — Testbytes

11 min readJan 27, 2020

With the growing connectivity and more personal information being fed to the different systems, we often come across the term data breach. People often say things like don’t install that app or don’t take the credit card from a certain bank or don’t deal with XYZ company to protect your information and money. These are indicative of a data breach. Read on for more.

In simple terms, a data breach means personal and confidential data of a person or an organization is made available in an untrusted environment by unauthorized people without the consent of the person or organization concerned. This is sometimes also called as data or information leak.

Data breaches can have legal consequences and hence closing the loopholes is becoming a big priority for all organizations. It is important to understand that it is not external elements that are trying to access your data but there can be several other intentional and unintentional things happening within your company that can lead to a data breach.

Based on how and where the data breach happens it can be classified into several types. Let us investigate these types now.

The employees are the biggest asset for any company. This asset can be the strongest and weakest link in the security chain. Sometimes they tend intentionally or unintendedly help in data breaches. Incidents like sending a bulk email with all the people in CC instead of BCC, or responding to phishing emails and compromising sensitive information, exposing sensitive information during screen sharing sessions with the people inside or outside the organization contribute to the data leakage to authorized people or environment.

Sometimes employees can be indirectly contributing to the data breach by not following the right security standards. Like not installing the proper system updates, using weak passwords or not securing the database with a password could make it easy for people from outside to access the company data.

Cyber Attacks have become common these days. We frequently hear the militant groups defaced the govt websites. A more common word for it would be hacking. To put it in words a cyber attack means attacking a computer, network or server with the intention of steal information, alter and delete data causing intentional damage to the other organization.

The most common form of cyber attacks is using malware which captures the user’s sensitive information and uses this information to cause damage to him or his assets. Like at an individual level it can be used to gather a person’s bank login credentials and then used from transferring his money to other accounts. Some malware can help you get complete control over the other system, such that it can perform tasks under your command.

This is one of the most common forms of attacks. Here the criminals and hackers pose as legitimate and authorized personnel and try to gather sensitive information from the company employees. One of the common methods used is phishing. This includes emails that look very real and people are tempted to open them or click links in them that will compromise the security.

This includes emails like password expiry with reset link or mandatory training list with a link to the training, courier received, and many more. The employees need to be vigilant and should report these kinds of emails to their security team to avoid further damage to the company and its data.

Inside the office premises, there are likely to be several important documents containing sensitive information. It is important thus for the organization to implement proper access controls. The rooms should be made accessible only to people who are authorized. The same goes for internal applications.

For e.g. the personal data of the employee which would include his salary. This needs to be accessible only to the HR, his manager and himself. If another person can access this data, then that will also be called as a data breach even though the information may not be transmitted outside the organization.

This is one of the fastest-growing cybersecurity threats across the globe. This type of malware will encrypt all the files in your system. Without the decryption key, you could end up losing all your data. At this point, the attacker can blackmail the organizations for huge amounts for sharing the decryption key.

This is a very serious threat for almost all organizations because even with all the network security in place this malware can easily make way into your systems through phishing emails, attachments, etc.

The only way out is to take a frequent backup of your system and as soon the malware is detected you should clean your system and restore with the last backup data.

Employees can cause maximum damage to the organization since they have access to the data and information. In several cases, the employees would intentionally leak the data to unauthorized people outside the organization for monetary gains or take revenge.

There is no way no control these kinds of data breaches apart from educating the employees against doing it and setting up a structure where other employees can anonymously report any suspicious activity by the others.

The systems in an organization contain a lot of information. Physical theft is another contributor to a data breach. This includes the computers, hard disks and even the hard copy of documents that are not shredded after use.

Theft not necessarily means someone breaking into the office it could also occur outside the organization. Like an employee in a coffee shop with his laptop unattended, or an important document left in the dustbin without shredding can make its way to landfills and fall into unscrupulous hands while disposing of laptops and other digital media if data is not completely erased it can also lead to a data breach.

These data breaches are prevalent across all sectors. Banking and Healthcare are the most critical among them. When it comes to healthcare the picture is sad. The medical data, reports and billing details are sold in black.

This data is then used to manipulate the patients into buying more costly medicines, higher premiums for insurance and many other shady activities. It is big business. Make sure when you visit a hospital or medical center, they have proper data protection measures in place to avoid such situations.

A data breach is so easy to carry out at this juncture of time. But what are the reasons that make data breach to easy to carry out or how does data breach occur?

Weak and stolen credentials
Applications which are built based on poorly written code
Poorly designed network
Malicious link and software
Over permissions
Companies inside the companies
Improper configuration

How to Prevent a Data Breach?

Now that we have seen how a data breach can happen and what can be the consequences, let us try to fix the damage. While it may not be possible to make the system 100% foolproof, below are some of the ways in which each organization can try to minimize the occurrences of these data breaches.

Extra data and information storage can become cumbersome to manage and maintain. The best way is to store only the necessary information both as hard copy and soft copy. Another way is to educate the employees about the retention period of different categories of documents as per the business needs. It is also important where you keep your data. Always make sure not to store important data in multiple places. 1 backup should be enough.

As simple as it may sound, having proper safety controls in place is very important. For physical data, ensure the rooms have limited and restricted access. Ensure not to provide temporary access to anyone for these rooms. Also, regularly revisit the access controls to ensure that only required people have access and ensure to remove access for people who no longer need it

Employees are your best bet against a data breach. It is advisable to create extensive security policies to avoid data breach and educate them about it as well. They should be told to follow the policies and security standards mentioned. The onus is on the company to make sure the employees are aware of these policies and standards to be followed.

Companies tend to dispose of unused and expired electronic data, including laptops and pen drives. It is important that the data in these electronic devices is destroyed before it is disposed of. This would help avoid the threat of data getting into the wrong hands after disposal.

With new means of a data breach and information leak being identified, one must make sure that the security policy of the company is updated regularly to counter such attacks. The employees should be notified and made to understand the policy updates made from time to time to make sure they are vigilant against phishing attacks and potential data breach.

Digital security needs to be enhanced with the use of strong passwords containing mix alphabets and numerals, the encryption and decryption keys need to be changed regularly, and the digital data transfers need to be monitored especially the information shared outside the intranet.

Keeping the system and software updated is always your best bet against malicious malware attacks. While hackers are trying new ways to break through into your system, the security and anti-virus companies are always trying to block these attempts. It is thus important to make sure that all systems install these important updates.

Some of the Biggest Data Breach Incidents

Even with the policies and procedures in place, companies do fail to protect their data and personal information. These data breaches can have far-reaching consequences if not found and plugged at the right time. In this section, let us see some major and most talked about data breach instances across the globe.

In September 2018, the hackers were able to manipulate the code for “view as” to get access to the user security token. With this token, it was possible to hack into the person’s Facebook profile. This exposed the personal data of 50 million users. To counter this Facebook had to forcefully log out 90 million users and had to reset the access tokens as well.

In a major data breach that happened in 2018, the hackers were able to access British Airways customer database and get the personal and financial details of more than 3,80,000 customers who made or changed any of their bookings over a 2-week period. The compromised data included name, address, email ID, credit card details including the expiry and some security codes as well. Even before they could fix the damage, another customers’ data were compromised through the reward bookings vulnerability.

AMCA is a billing service agency in the US. Their medical data was breached for about 8 months from Aug 2018 to Mar 2019 before coming to light. Though the investigations are still, a rough estimate indicates that personal, medical and financial data of more than 25 million people was compromised. The extent of the impact is still under investigation and the company has recently filed for bankruptcy.

One of the US’ biggest credit reporting companies faced the wrath of the hackers in 2017 jeopardizing the data of more than 143 million users who had used their services for generating a credit report. The breach took about 2 months to find and fix and the hackers were able to get the SSN, DOB, names, address and even driving license details. As a precautionary measure, the clients were asked to freeze their credit cards or at least enable a fraud alert. The exact extent of the impact is still unknown.

This was a result of a massive phishing email campaign to which around 9 employees responded providing their user id and password. With this information, the hackers were able to gain full access to the medical data and records of about 6,45,000 patients. This included their personal record, financial data, medical history, and SSN details as well. The officials were detected the data breach 3 weeks later when most of the damage was already done.

In one of the biggest corporate data breaches in history, the hackers were able to access and compromise around 145 million customer data including the username and password. The company for initially reluctant to believe a data breach in its high-security system. But later, they found that the hackers had used the corporate accounts of three employees to access the customer data. The customers were then asked to reset and update their passwords to avoid any unforeseen issues.

Around 206 hospitals in the US come under the umbrella of the Community Health System. In a major data breach in 2014, the hackers were able to access to more than 4.5 million patient records belonging to these 206 hospitals.

This indicated a very high risk of identity theft of the patients belonging to Texas, Tennessee, Florida, Alabama, Oklahoma, Pennsylvania, and Mississippi where they have most centers. They were later able to find out that the data breach was carried out through sophisticated malware by hackers from China.

Ways to improve Data Breach Mitigation

Companies ave deployed an incident response team to respond timely when there is an attack so that days required data breach cycle can be reduced.
The incident response team should be tested using a mock drill to ensure its reliability.
The latest technologies must be implemented to detect the breach at an early stage.
For better insights and to stabilize the security seek the help of threat intelligence
Have an effective business continuity plan and proper backup
Seek expert advice rather than listening to half-witted one

How Much Does Data Breach Mitigation Cost

The average cost of data breaches globally according to study in 2019 is $3.92 million . What makes such attacks devastating is that the time is taken to find the attack and stop it.

One data breach cycle is 279 days and often companies find it hard to contain the attack before it. However, there are companies that have managed to put an end to the cycle before 200 days managed to reduce to the loss of $1.2 million less than the usual.

The most devastating attacks were caused by malicious attackers and it took longer than the usual average to detect such attacks. For example, you have the case of Wiper Ransomware attacks in front of you.

Conclusion

While data breaches have become common and even the biggest companies are not spared by them, we must make sure we take all precautions to keep our data safe and secure.

It is important to understand that with greater connectivity all data is at stake both for individuals and for companies like. This means that even as an individual you need to understand the importance and of your personal information and you need to safeguard it against misuse.

Originally published at https://www.testbytes.net on January 27, 2020.