Increasing cybercrime has seen organizations around the world experiencing more frequent attacks on sensitive and confidential business data. This can have serious consequences, so it’s vital to have a security incident response plan in place to mitigate risk and deal with any data breaches.
To understand how data breaches can affect your business, we’ve put together a comprehensive guide about what happens and what support you need to manage a data breach.
What is a data breach?
In simple terms, a data breach is a security incident, when information has been accessed, stolen and used without authorization.
Some data breaches are small and only affect one person, others are large and affect thousands of people. Data breaches can be intentional or accidental. The most common data breach is when a malicious actor hacks into a company’s computer system or network and gains access to information.
Some data breaches occur when an employee accidentally exposes information on the internet, or bypasses security systems in some way that allows company information to be accessed.
Either way, this sensitive data can be used by cybercriminals to profit from in some way.
How do data breaches happen?
Data breaches are on the increase, and it can seem that every other day, cybercriminals are finding new ways to hack and steal data. But there are certain patterns cybercriminals use that account for most data breaches. These are:
Hacking is the most common cause of data breaches. Malicious actors usually conduct specific attacks, such as malware, SQL injection, credential stuffing or botnets. The most usual form of criminal hacking involves stolen credentials, used to then access a system and steal or access data.
Breaches are not always someone’s fault. Employees can make mistakes or are fooled into thinking emails or links sent to them are legitimate. The most common error of this type is sending sensitive information to the wrong person.
Malicious actors cause data breaches by pretending to be the person they’re targeting (called social engineering). Phishing is one such method, which involves cyber criminals sending emails that look legitimate but are malicious. There is also financial pretexting, which is pretending to be someone to obtain their personal information, usually credit card details.
Ransomware holds files hostage until the victim agrees to pay to unlock them (which doesn’t always eventuate). SQL injection is when arbitrary code is inserted into a web form, which can then corrupt a website. RAM scrapers spy on computers looking for things like credit card information. Keyloggers are software programs that capture the keys struck on a keyboard, looking for passwords.
Around 1 in 12 data breaches are caused by information being used inappropriately by employees. Usually this occurs when employees misuse information they have been given legitimate access to. Sometimes the employee may not be acting maliciously themselves. They might accidentally disclose information after not properly configuring permissions first.
In some situations, an employee ignores access policies, such as altering a document without following company policy.
The second type of data protection issue is called mishandling. This occurs when sensitive information is dealt with by someone not authorized to do so.
Steps to manage a data breach
Any response to manage a data breach should be planned well in advance of it occurring. An incident response plan will guide your organization to limit damage, reduce recovery time and costs, and increase trust from stakeholders.
It can be daunting to consider having to set up a security incident response, and many companies decide to outsource this to a managed security service provider. A MSSP can set up a strategy, management and response security system that ensures your business data is as secure as possible. If a data breach does happen, the MSSP monitoring your network can initiate the security response plan immediately, and ensure the damage is minimal and quickly contained.
The steps needed to manage a data breach include:
- Contain the breach after it has been detected, to stop it from being able to do more damage. All action at this stage should be documented, as this information can be used by forensic investigators to find out how the breach happened.
- A risk assessment needs to be undertaken, to decide what is the risk of harm to affected individuals and stakeholders.
- Notify any affected individuals and appropriate supervisory authorities. There may be timeframes applicable to avoid fines, and your legal advisor will advise you on how to publicly address the incident. All US states have enacted legislation requiring notification of security breaches involving personal information.
- Audit and review the breach and response to the incident. This will inform security teams of how to prevent data breaches in the future and improve the response.
In addition to what has been mentioned, there may be other laws or regulations that apply to your situation. Check with national and state authorities for specific requirements in your industry and for general advice on handling data breaches. For example, if the data breach involves electronic personal health records, you need to check if you’re covered by the Health Breach Notification Rule.
What is the outcome of data breaches?
Data breaches can be catastrophic events with serious consequences. If information stored on your company’s computers or cloud infrastructure is exposed or compromised, it can lead to a major data leak. No organization can afford to be compliant when it comes to security data breaches.
The financial impact of a data breach is one of the most devastating consequences that companies will have to deal with. In 2020, the US had the highest average total cost of a data breach at $8.64 million. The average cost per lost or stolen record in a data breach is $150.
Brand damage is just as costly to business. Up to a third of customers in the retail, finance and healthcare sectors will stop doing business with organizations that have been breached, and 85% will tell others about their experience. Losing customers or stakeholder trust can have devastating consequences on long term business recovery after a data breach.
Business operations are usually heavily disrupted when data breaches occur. Companies need to contain the breach by stopping it from spreading to other systems, then carry out a thorough investigation into where the breach occurred and who was affected.
Operations may need to be fully shut down until investigators get all the answers, they need which can take days, weeks, or even months. It costs an average of $5,600 per minute of downtime, depending on the organization and industry.
Under data protection regulation, organizations are legally required to show they’ve taken the necessary measures to secure their employees’ data. If their data has been compromised, either intentionally or not, employees can seek legal action against them. In 2017, US credit reporting agency Equifax had millions of data records compromised and stolen. The breach occurred due to vulnerability in Apache Struts, a third-party vendor. An IT staffer was tasked to fix the vulnerability and neglected to do so.
This resulted in a series of spiraling events that ended in the leak of personal information and the loss of millions of data records. Equifax was ordered to pay $575 million USD in fines and has subsequently spent over 1 billion USD on security upgrades.
Loss of sensitive data
If a data breach has led to the loss of sensitive personal data, there can be dire consequences. Sensitive personal information is any information that can be used to indirectly or directly identify an individual person.
This information will include a person’s name, email address, IP address, and images of the individual. In some cases, this may also include sensitive personal data such as fingerprints or genetic data of the individual. The end results of this kind of data getting into the hands of cybercriminals can be disastrous.
The key is to be prepared to deal with data breaches, with a coordinated security strategy in place. Talk to the IT security experts at Technology Solutions to stay on top of your organization’s threats