Arguably no phrase has dominated the tech world the last 24 months more than the term “data breach.” From breaches that have impacted critical infrastructure like the Colonial Pipeline to hackers compromising healthcare records at UC San Diego Health, the last two years have been saturated by headlines of cyber security mishaps. Yet, despite the prevalence of the breach-centric news-cycle, many everyday individuals may not know what exactly a data breach is, how they typically start, and why they occur.
According to IBM, the average time it takes to identify that a breach has occurred is 287 days, with the average time to contain a breach clocking in at 80 days. And with 81% of businesses experiencing a cyber attack during COVID, it is essential that individuals are familiar with the anatomy of a data breach so that they can keep their data, as well as their colleagues and customers’ data, safe.
With that in mind, here is some helpful background on what data breaches are and why they are so problematic.
What is a data breach?
While it may seem like a complex concept, once the jargon is removed, a data breach is actually really straightforward to explain. According to Trend Micro, a data breach is “an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner.” And while data breaches can be the result of a system or human error, a vast majority of data breaches are the result of cyber attacks, where a cyber criminal gains unlawful access to sensitive system data. In fact, 92% of the data breaches in Q1 2022 were the result of cyber attacks.
What kind of data can be breached?
Unfortunately, cyber criminals look to get their hands on any information that they possibly can ranging from more obvious sensitive information such as social security numbers and credit card information to more obscure data like past purchase history.
What are some of the tactics used to execute data breaches?
Cybercrime is getting more sophisticated each day. However, cyber attack tactics do not have to be cutting-edge or advanced in order to be very effective. Here are a few examples of popular tactics used by cyber criminals:
- Phishing: Phishing is when a cyber criminal pretends to be a legitimate party in hopes of tricking an individual into giving them access to personal information. Phishing is one of the oldest tricks in the book for cyber criminals but it is just as effective as ever. For example, 80% of security incidents and 90% data breaches stem from phishing attempts.
- Malware: Another tried-and-true method for cyber criminals is malware. Malware is malicious software that secretly installs itself on devices – often by way of a user engaging with fake links and content – and quietly gains access to the data on an individual’s device or a business network.
- Password Attack: Through password attacks, cyber criminals look to gain access to sensitive data and networks by way of “cracking” user passwords and using these credentials to get into networks and extract data from a given network.
If You Think You May Have Spotted A Breach
The best way to stop a data breach is to stop it before it even starts. This includes taking steps from making sure passwords are long and complex to reporting suspicious emails. However, if you do suspect that you may have been the victim of a breach, immediately contact your IT department or device provider to notify them and follow subsequent protocols to help them scan, detect, and remediate any issues that exist. Do not worry about being wrong, it is better to report an issue and be wrong than to do nothing.
Four Key Simple Steps To Protect Your Business.
- Training Is Key – the weakest link in your security could be your strongest asset if trained properly. The majority of attacks begin with an email. If your employees do not know what to look out for and do not fully appreciate the risks of clicking on a link or downloading a file, they are unwittingly putting your business data at risk, your customers, and potentially your entire supply chain. Provide your team with fun and engaging training on a regular basis so that your staff and your business are better protected.
- Encryption – if malicious actor gains access, they cannot use any data they get their hands on if it is encrypted. Ensure that files are encrypted during all states (in use, at rest, in transit).
- Ransomware Resilient Backup – ensure that you are using ransomware resilient backup so that if your system is compromised it can be rectified as quickly as possible without being locked out of your backup by ransomware.
- Strong Passwords and MFA – ensure all your staff are using strong passwords. Supply a password manager to help them keep on top on their passwords in a secure fashion and insist on MFA is used wherever possible.
What does this mean for your business?
Cyber security doesn’t need to be as complicated or intimidating as it may initially seem. If sensible steps are taken every business should be able to ensure that is as secure as it can be. Whilst it is impossible to prevent 100% of attacks, it is possible to hugely mitigate the threat posed by cyber criminals.
If you need help securing your business data or would like to investigate how vulnerable your organisation is, or would simply like to look at cyber security training please call us today. We would be delighted to help you.
If you would like to discuss your technology requirements please:
Back to Tech News