Data Breach Definition
A data breach is when an organization’s IT environment is compromised in a way that exposes sensitive data to unauthorized parties. According to a recent report by the Identity Theft Resource Center (ITRC), there were 69% more data breaches in 2021 compared with 2020, which is why companies are keen to understand what data breaches are, why they happen, and what can be done to prevent them.
We often hear on the news about data breaches affecting large organizations; however, small companies are frequently targeted as well. A data breach doesn’t necessarily mean that any real damage was done to the breached entity or the data subjects involved. For example, the breach may have been caused by an employee accidentally sending sensitive personal data to the wrong recipient, who probably has no interest in using the data for nefarious purposes.
However, such eventualities must still be taken seriously, as cyber-criminals are always on the lookout for any sensitive data they can get their hands on, which they will sell on the dark web, use for identity theft, use to launch targeted phishing attacks, or use to extort their victims in some way.
Data Breach Types and Prevention
While there are potentially hundreds of factors that could result in a data breach, below are some of the main areas that need to be considered in order to minimize the likelihood of a breach, and avoid falling out of compliance with the relevant data privacy regulations.
Weak login credentials
Many companies are still failing to enforce a strong password policy. Employees are using and reusing easy-to-guess passwords, and in some cases, they share their credentials with their colleagues.
Remediation: Firstly, consider using passphrases rather than passwords, and ensure that any passwords that are used are sufficiently complex. Remind users not to reuse passwords or passphrases that they have used on other platforms. Encourage employees to use a password manager to make it easier for them to remember their credentials. It’s also generally a good idea to periodically rotate passwords, and to use multi-factor authentication (MFA) whenever possible.
Poorly implemented access controls
While login credentials deal with authentication, access controls deal with authorization. In other words, they determine which systems and assets a particular logged-in user is allowed to access. Many organizations fail to restrict access to sensitive data, thus increasing the likelihood of a breach.
Remediation: Adhere to the Principle of Least Privilege (PoLP), which means ensuring that users only have access to the data they need to perform their role. You must ensure that access to sensitive data is revoked when it is no longer required.
Phishing and social engineering scams
Attackers frequently masquerade as trusted entities in order to trick unsuspecting victims into either handing over sensitive data or installing malicious software on their devices.
Remediation: Since employees are the first line of defense against phishing and social engineering attacks, it is imperative that you carry out regular security awareness training, and try to create a “culture of security”. To be more precise, you need to ensure that employees remain alert and are able to identify suspicious emails, SMS messages, phone calls, friend requests, and so on.
Malware and ransomware
Malware attacks are on the rise, and ransomware has become a major concern for organizations. Double and triple extortion techniques are being used to further extort the victims, and Ransomware-as-a-Service (RaaS) has become its own industry.
Remediation: As above, regular security awareness training must be carried out to ensure that users know how to identify suspicious email attachments. Ensure that you have the best anti-malware solutions in place, and consider adopting a real-time auditing solution that is capable of automatically responding to events that match a pre-defined threshold condition, such as when X number of files have been encrypted within a given time frame.
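The threshold condition described above (many files modified by one account within a short time window) can be implemented as a sliding-window rule over a file-audit log. The following is an added example, not code from the original article or from any particular auditing product; the log format and the sample lines are constructed, and `on_alert` is a hypothetical hook where an automated response (such as disabling the account or isolating the host) would be wired in.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample file-audit log (not real data). Format: ISO timestamp, user, action, path.
SAMPLE_LOG = """\
2024-03-01T09:00:00 bob   WRITE  /share/hr/policy.docx
2024-03-01T09:00:05 alice WRITE  /share/finance/q1.xlsx
2024-03-01T09:00:06 alice RENAME /share/finance/q1.xlsx
2024-03-01T09:00:07 alice WRITE  /share/finance/q2.xlsx
2024-03-01T09:00:07 alice RENAME /share/finance/q2.xlsx
2024-03-01T09:00:08 alice WRITE  /share/finance/q3.xlsx
2024-03-01T09:00:08 alice RENAME /share/finance/q3.xlsx
2024-03-01T09:00:09 alice WRITE  /share/finance/q4.xlsx
2024-03-01T09:00:09 alice RENAME /share/finance/q4.xlsx
2024-03-01T09:05:00 bob   WRITE  /share/hr/handbook.docx
"""

def parse_line(line):
    """Split one audit line into (timestamp, user, action, path); the path may contain spaces."""
    ts, user, action, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), user, action, path

def detect_mass_modification(log_text, threshold=3, window_seconds=10,
                             actions=("WRITE", "RENAME"), on_alert=None):
    """Return [(user, iso_timestamp, distinct_files)] each time a user touches at least
    `threshold` distinct files within `window_seconds`. The alert fires on the transition
    from below to at-or-above the threshold, so one burst of activity yields one alert."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)            # user -> deque of (timestamp, path) inside the window
    armed = defaultdict(lambda: True)      # user -> whether the next crossing may fire
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, path = parse_line(line)
        if action not in actions:
            continue
        q = recent[user]
        q.append((ts, path))
        while q and ts - q[0][0] > window:  # drop events that fell out of the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= threshold and armed[user]:
            alert = (user, ts.isoformat(), distinct)
            alerts.append(alert)
            armed[user] = False
            if on_alert is not None:       # hypothetical automated-response hook
                on_alert(alert)
        elif distinct < threshold:
            armed[user] = True
    return alerts
```

Tune `threshold` and `window_seconds` against normal activity on each share first, since bulk legitimate operations (backups, migrations) will otherwise trip the rule.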
Lost or stolen devices
It is sometimes the case where an employee either loses a device that has access to sensitive data, or the device gets stolen.
Remediation: For company-issued laptops and mobile devices, consider using Mobile Device Management (MDM) software that allows you to control the device remotely. If necessary, wipe the contents of the device once it has been reported as lost or stolen. If the lost or stolen device is a USB pen drive or hard drive that contains sensitive data, there’s little you can do about it apart from informing the relevant parties.
Misconfigured software
Misconfigured software can sometimes have disastrous consequences, and now that hybrid IT environments are commonplace, misconfigurations are becoming increasingly harder to spot. For example, a number of high-profile data breaches were caused by misconfigured Amazon S3 buckets, which were exposed to the internet by default.
Remediation: Firstly, use a real-time auditing solution to detect changes to software configurations – both on-premise and “in the cloud”. Secondly, use an automated solution that will periodically scan your environment for misconfiguration, and alert the administrator accordingly.
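One check that a periodic misconfiguration scan of the kind described above would run is whether a bucket policy grants access to everyone. The following is an added example, not code from the original article or from any scanning product; the two policies, the bucket name and the account ID are constructed, and the check is deliberately conservative (a statement with a Condition is not flagged, although some conditions still leave a bucket effectively public).

```python
import json

# Constructed example policies (not from any real account). The weak one grants object
# reads to the anonymous principal "*"; the hardened one grants them only to one IAM role.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*"
    }]
})

HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*"
    }]
})

def _is_anonymous(principal):
    """True for the two spellings of 'everyone': "*" and {"AWS": "*"} (or a list containing "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False

def public_statement_sids(policy_json):
    """Sids of Allow statements granted to everyone without any Condition."""
    stmts = json.loads(policy_json).get("Statement", [])
    if isinstance(stmts, dict):           # a single statement may be given as an object
        stmts = [stmts]
    return [s.get("Sid", "<no Sid>") for s in stmts
            if s.get("Effect") == "Allow"
            and _is_anonymous(s.get("Principal"))
            and "Condition" not in s]

def bucket_exposure(policy_json, public_access_block):
    """Combine the policy check with the account/bucket Public Access Block settings."""
    if not public_statement_sids(policy_json):
        return "private"
    if public_access_block.get("RestrictPublicBuckets"):
        return "public-policy-but-blocked"  # policy is public, but the block setting restricts it
    return "PUBLIC"
```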
Out-of-date or unpatched software
Naturally, attackers will always try to exploit any software vulnerabilities they can find, and in some cases, the consequences can be dire. For example, the WannaCry attack succeeded by exploiting a Windows vulnerability. Even though a patch was available prior to the incident, many users failed to install it.
Remediation: Use an automated patch management solution to ensure that patches and updates are installed as soon as they become available.