For some, the phrase ‘We have a data breach’ can mean reaching for the panic button. What is the level of exposure? How do we contain it? Who do we tell and what should we say? Did we prepare adequately? What could the fallout be from customers and suppliers, and will there be any ramifications from the regulator?
Meanwhile, others will think of data breaches as something that happens to others. Scanning the headlines and reading about the impact upon critical infrastructure such as the Colonial Pipeline, or how hackers compromised healthcare records at UC San Diego Health, it can feel a world away. Yet the truth is that far more data breaches (of varying severity) take place than are reported. In fact, 81% of businesses are said to have experienced a cyberattack during the COVID pandemic.
The problem is that if the stories that reach the public domain do not resonate, people will be less inclined to take action to safeguard their organisations, and less able to recognise the red flags that they have a situation on their hands. IBM reports that the average time it takes an organisation to identify a breach is an astonishing 287 days, with the average time to contain a breach clocking in at 80 days. Combined, that is more than one year from an attack to a resolution!
Whilst some elements of the media try to scare people into action, and the regulators try to legislate people into action, there is also a need to educate them into action. That means helping everyone, from the sole trader to the largest enterprise, to understand the ever-evolving threat landscape and the anatomy of a data breach, so that they can keep their data, as well as their colleagues, customers and their respective supply chains, safe.
So, with that in mind, here is some helpful background on what data breaches are and why they are so problematic.
What is a data breach?
While it may seem like a complex concept, once the jargon is removed a data breach is straightforward to explain. Trend Micro puts it well: “an incident where information is stolen or taken from a system without the knowledge or authorisation of the system’s owner.” And while data breaches can be the result of a system or human error, the vast majority are the result of cyberattacks, where a cybercriminal gains unlawful access to sensitive system data. In fact, 92% of the data breaches in Q1 2022 were the result of cyberattacks.
It is important to stress that you may not be the ‘target’. Cyberattacks take many forms, be it an opportunistic casting of the net to see what gets caught, or pinpointing likely weak points in a supply chain to reach the ultimate goal.
What kind of data can be breached?
For cybercriminals, data is a currency: they can profit by selling it or by using it for bigger rewards. So they look to get their hands on any information they possibly can, ranging from the more obviously sensitive, such as social security numbers and credit card information, to more obscure data like past purchase history.
What are some of the tactics used to execute data breaches?
Cybercrime is getting more sophisticated each day. However, cyberattack tactics do not have to be cutting-edge or advanced to be effective. Here are a few examples of popular tactics used by cybercriminals:
- Phishing: When a cybercriminal pretends to be a legitimate party in the hope of tricking an individual into giving them access to personal information. Phishing is one of the oldest tricks in the book for cybercriminals, but it is just as effective as ever (who hasn’t received a convincing but suspicious SMS, telephone call or email?). For example, 80% of security incidents and 90% of data breaches stem from phishing attempts.
- Malware: Another tried-and-true method for cybercriminals is malware. Malware is malicious software that secretly installs itself on devices – often by way of a user engaging with fake links and content – and quietly gains access to the data on an individual’s device or corporate network. Ransomware is another type that is less discreet, demanding payment in return for business as usual.
- Password Attack: Through password attacks, cybercriminals look to gain access to sensitive data and networks by “cracking” user passwords, then using these credentials to get into a given network and extract data from it. The Authlogics Password Breach Database contains 4.8 billion compromised credentials and 1.3 billion clear text passwords, with a million more added daily on average.
How to spot a possible breach?
The best way to stop a data breach is to prevent it from starting. This includes having the right systems and processes in place to reduce the attack surface of the organisation and provide an early warning system for potential attacks. For example, password management combined with multi-factor authentication is a simple and cost-effective way to block what most cybercriminals recognise as one of the easiest routes into an organisation.