
What is a data breach?

What is a data breach and how does it happen?

A data breach is a security incident that occurs when cybercriminals successfully infiltrate a data source and extract sensitive information without authorisation. This can be done physically, by accessing a computer or network to steal local files, or remotely, by bypassing network security, which is often the method used to target companies.

Stories of massive data breaches may seem commonplace these days, but it shouldn’t be all that surprising. As technology progresses, more and more of our information has moved to the digital world and as a result, cyberattacks have become more frequent and costly.

The following are the steps usually involved in a typical breach operation:

1. Research

The cybercriminal looks for weaknesses in the company’s security (people, systems, or the network).

2. Attack

The cybercriminal makes initial contact using either a network or a social attack.

3. Network attack

A network attack occurs when a cybercriminal uses infrastructure, system, and application weaknesses to infiltrate an organisation’s network.

4. Social attack

Social attacks involve tricking or baiting employees into giving access to the company’s network.

5. Exfiltration

Once the cybercriminal gets into one computer, they can then attack the network and tunnel their way to confidential company data.

Data breaches can damage both businesses and consumers in a variety of ways. They can cause significant financial loss, damage lives and reputations, and it can take businesses a considerable amount of time to repair and re-build.

Types of data usually stolen

The motive of cybercriminals determines which companies they will look to attack. Different sources yield different information, and certain types of stolen data are especially valuable.

Cybercriminals search for this data because it can be used to make money by duplicating credit cards, and personal information can be used for fraud, identity theft, or even blackmail. The information can also be sold in bulk in Deep Web marketplaces.

End users are rarely the target, but they can be affected when their records are part of the information stolen from big companies.

An example:
In July 2017 the information solutions provider Equifax suffered a major cybersecurity incident which affected 143 million consumers in the U.S. Initially discovered on 29 July, the breach revealed the names, Social Security numbers, birth dates, and addresses of almost half of the total U.S. population. With investments in 23 other countries worldwide, around 400,000 U.K. customers were also reportedly affected. Final findings revealed a total of 145.5 million exposed records.

How could your organisation be susceptible to a data breach?

Cybercrime is a profitable industry for attackers, and it continues to grow. Corporations and businesses are extremely attractive targets due to the large amount of data that can be obtained in one attack. Cybercriminals seek personally identifiable information to steal money, compromise identities, or sell over the dark web.
Data breaches can occur for a number of reasons, including by accident, but targeted attacks are typically carried out in the following four ways:

  • Exploiting system vulnerabilities
    Out-of-date software can create a hole that allows an attacker to sneak malware onto a computer and steal data.
  • Weak passwords
    Weak and insecure user passwords are easier for hackers to guess, especially if a password contains whole words or phrases.
  • Drive-by downloads
    You could unintentionally download a virus or malware by simply visiting a compromised web page. A drive-by download will typically take advantage of a browser, application, or operating system that is out of date or has a security flaw.
  • Targeted malware attacks
    Attackers use spam and phishing email tactics to try to trick users into revealing their credentials, downloading malware attachments, or visiting vulnerable websites.

Reducing the risk of a data breach

The more you invest in cybersecurity, the better protected your organisation will be, which in turn makes you a less attractive target for cybercriminals in the first instance. There are, however, some basic proactive steps all businesses should take as a minimum to reduce the risk of a data breach:

  • Understand regulatory compliance requirements. Be aware of any security regulations affecting your business. These can range from laws covering all businesses when handling sensitive customer data, to regulations targeted at your specific industry. Arrange a quarterly review of these regulations to ensure adherence.
  • Have a data security policy and ensure employees understand and agree to adhere to it. This should be updated regularly and include items such as:
    • Restricting access to information based on individual roles i.e. providing users only enough access privileges to allow them to complete their duties.
    • The storage and removal of data no longer required, whilst assuring adherence to disposal rules.
    • Email usage standards.
    • Blocking access to specific websites, particularly those used for personal use such as social media.
  • Where possible hire a specialised IT Security person who can monitor threats, identify any vulnerabilities and help eradicate them. If this isn’t feasible, ensure that the person/team responsible for IT keeps software patched and updated, including ecommerce platforms which are often the source of card data breaches.
  • Educate your employees so that they understand why business data security is vital, and how they can contribute to preventing a data breach at the workplace.
  • Have an immediate response plan to help reduce the damage should a data breach occur. The ability to quickly detect a breach can save millions in some situations. Talk with a cybersecurity professional and establish steps to identify, manage, and then recover from a breach.

What action can you take if your data has been compromised?

Initial steps

  • Change your passwords immediately and practise smart password habits. If you reuse a password on multiple sites your online accounts are more vulnerable to identity thieves.
  • Create unique and strong passwords for your accounts using a mix of special characters, numbers, and upper and lower case letters.
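The two password habits above (a mix of character classes, no whole words, and no reuse across sites) can be turned into a simple check. This is an added example, not code from the original article; the word list and the account list are constructed for the demonstration.

```python
import re
import string
from collections import defaultdict

# Constructed, deliberately tiny word list standing in for a real dictionary;
# a production check would load a full word list.
COMMON_WORDS = {"password", "welcome", "summer", "london", "company", "admin"}

def character_classes(pw: str) -> set:
    """Return which of the four classes the article asks for are present."""
    classes = set()
    if any(c.islower() for c in pw):
        classes.add("lower")
    if any(c.isupper() for c in pw):
        classes.add("upper")
    if any(c.isdigit() for c in pw):
        classes.add("digit")
    if any(c in string.punctuation for c in pw):
        classes.add("special")
    return classes

def contains_whole_word(pw: str, words=COMMON_WORDS) -> bool:
    """True if any unbroken run of letters in pw is a dictionary word,
    e.g. 'Summer2024!' contains 'summer' (compared case-insensitively)."""
    return any(run.lower() in words for run in re.findall(r"[A-Za-z]+", pw))

def weaknesses(pw: str) -> list:
    """List the ways pw fails the article's criteria; empty means it passes."""
    problems = []
    missing = {"lower", "upper", "digit", "special"} - character_classes(pw)
    if missing:
        problems.append("missing " + ", ".join(sorted(missing)))
    if contains_whole_word(pw):
        problems.append("contains a whole dictionary word")
    return problems

def reused_passwords(accounts: dict) -> dict:
    """Map each password shared by more than one site to those sites.
    Real tooling compares salted hashes inside a password manager rather
    than handling plaintext; plaintext is used here only for illustration."""
    by_pw = defaultdict(list)
    for site, pw in accounts.items():
        by_pw[pw].append(site)
    return {pw: sorted(sites) for pw, sites in by_pw.items() if len(sites) > 1}

# Constructed sample credential list (not real accounts) for demonstration.
SAMPLE_ACCOUNTS = {"email": "Summer2024!", "bank": "Summer2024!", "shop": "x7#Qv!pL2mRd"}
```

Running `weaknesses("Summer2024!")` shows that a password can satisfy the character-class rule and still be weak because it is built around a whole word, and `reused_passwords(SAMPLE_ACCOUNTS)` flags the email and bank accounts as sharing it.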

Where business details (including account number and sort code) have been compromised:

  • Ensure that your bank accounts are reconciled daily and report any suspicious transactions to your bank immediately.
  • Beware of scams: if your details have been compromised and subsequently sold to criminals, your company or your clients may be contacted by fraudsters.
  • Consider registering for Protected Online Filing (PROOF) which can help you prevent fraudulent changes to your company.
  • Ensure that your clients and suppliers are made aware of the compromise and that they should not pay funds to any new accounts without independent validation via a number held on file.
  • Individuals or businesses who have fallen victim to identity fraud should report it to Action Fraud on 0300 123 2040 or online via the Action Fraud website#

Where personal details have been compromised:

  • Keep a close eye on your bank accounts and report any suspicious transactions to your bank immediately.
  • Check your credit report (to see if any credit or accounts have been opened in your name); this can be done via any credit agencies (Equifax, Experian, Call Credit* etc.).
  • Beware of scams. If your details have been compromised and subsequently sold to criminals, you are more likely to be contacted by fraudsters.
  • Consider applying for the CIFAS Protective Registration service; NB this will cost you £25 for 2 years. This will trigger additional checks on all credit applications made using your information, including genuine applications made by you (so it may cause delay on applications).
  • Individuals or businesses who have fallen victim to identity fraud should report it to Action Fraud on 0300 123 2040 or online via the Action Fraud website#

#Agencies may differ according to jurisdiction.
