Data security breach
What is a data security breach?
Data security breaches are security incidents that expose business-critical data or sensitive information in an unauthorized manner. The data exposed can include personally identifiable information (PII) of customers or clients, payment card information (PCI), electronic protected health information (ePHI), intellectual property (IP), and other sensitive data.
However, not all security incidents are data breaches. For instance, files made available to all employees in an organization because of an unintentional mistake of an employee is not a data breach. Data security breaches refer to sensitive data being leaked to an external unsecured environment either for financial gains or due to unintentional errors.
Biggest data security breaches to date
- 3 billion Yahoo user accounts were compromised to reveal names, email addresses, and telephone numbers in 2014.
- 500 million Marriott International customers had their encrypted payment card information, contact information, and other details stolen in 2014.
- 147.9 million Equifax customers' Social Security numbers were stolen along with other personal data in 2017.
- 145 million eBay users had their names, addresses, and encrypted passwords exposed to hackers for 229 days in 2014.
Causes of data breaches
Security breaches are becoming more frequent and detrimental, and it's important to know how these threats occur. The major vectors for business-critical data exposure are:
- Network security breaches perpetrated through malware attacks.
- Phishing and social engineering techniques launched through emails can make unsuspecting employees reveal sensitive information.
- Data theft executed by employees through unauthorized file transfers.
- Access of sensitive data through stolen credentials of user accounts.
- Security breaches in cloud applications via known vulnerabilities .
Data breach consequences
The average cost of a data breach worldwide was reported to be $3.92 million. In United States, however, the average was $8.19 million per breach, more than twice the average of the rest of the world. Apart from financial losses, organizations have to deal with the negative impacts to their reputation. These affect the credibility of the organization, drastically affecting profitability and potential business opportunities.
Depending on the intensity of the breach in terms of the number of customer records and the type of data exposed, the consequences may include:
- Legal fines including penalties for violating external regulations.
- Financial compensation to customers for exposing their private information.
- Cost and time to implement threat response measures including change in business processes, and forensic analysis and investigation.
- Drop in share prices due to damaged reputation.
- Lost business deals.
Data breach prevention
Once a data breach has occurred, there is no going back. Data stolen may be lost forever. It can also be leaked or sold on the internet. To prevent the loss of critical data, a data loss prevention tool has to be deployed. This kind of tool can minimize the risk of data exposure by proactively preventing unwarranted data movements.
Detection of unauthorized data exposure is key to containing the extent of a breach. The following practices can serve as early prevention methods:
- Deploy a data leak prevention tool built into a unified data security platform to protect your data across all fronts from cybercriminals.
- Comply with data privacy regulations, like the GDPR, HIPAA, etc., which provide stringent guidelines on data protection.
- Resort to the latest encryption techniques so that sensitive data is unreadable even if its stolen.
- Audit file servers to monitor business-critical data access movements to identify an imminent breach.
- Implement cloud protection controls to track and filter the web application requests passing through the organization's network.
- Employ security incident response software as a preemptive strategy.