What is a Data Breach and How to Avoid it
A data breach, sometimes referred to as a security breach, is any incident that results in unauthorized access to computer data, applications, networks, or devices that results in information being accessed without authorization. Most often, breaches occur when an intruder is able to bypass the security mechanisms of an organization. No company is immune, as companies of all sizes can suffer a serious data breach, resulting in the loss of millions of dollars. According to Statistica, the average cost of a data breach in the United States, in 2022, amounted to 9.44 million dollars, and the global average cost per data breach was 4.35 million U.S. dollars.
Top Five Causes of a Data Breach, and How to Prevent Them
For most organizations, a data breach can be a disaster. The compromising of secure customer information and internal business data can wreak havoc financially, cripple operations, and damage the reputation of the business. And these surface-level costs are just the beginning. There are many hidden costs related to breaches as well. For instance, consider the legal fees that may come into play, along with incremental PR spend and insurance premium hikes. Furthermore, regulations for securing data, such as the General Data Protection Regulation (GDPR) imposed by the government and the industry, make it critical for a company to achieve and maintain compliance wherever it does business. In 2015, for example, the FCC slammed AT&T with a $25 million fine as a result of a data breach that led to the disclosure of information related to thousands of accounts.
Knowing what causes a data breach is the first step in preventing one. The following outlines the top reasons why data breaches happen, and how to best mitigate your risk.
1. Old and Unpatched Security Vulnerabilities
Unpatched vulnerabilities are a favored entrance route for bad actors to breach networks. They occur when security teams fail to patch, or “fix”, a vulnerability in a widely used software, which then becomes a direct attack pathway for ransomware. Leaving old security vulnerabilities unfixed gives malicious intenders a free pass to your company’s most sensitive information. The best way to prevent data breaches from unpatched software vulnerabilities is to set a regularly scheduled routine every month to patch your systems. You can do it most efficiently all in one event over a weekend, or you can elect to do 20% of them at a time over the course of the month.
2. Human Error
Unfortunately, one of the biggest sources of a data breach isn’t some unknown or forgotten security bug, it’s human error.
According to statistics from a CompTIA study cited by shrm.org, “Human error accounts for 52% of the root causes of security breaches.” Some common scenarios include:
● The use of weak passwords, defined as those that are easily guessed by unauthorized users. Examples include “1234”, “password”, “temp”, etc.,
● Sending sensitive information to the wrong recipients,
● Sharing password/account information, and
● Falling for phishing scams, which are a type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information to the attacker.
Many of these human errors can be prevented by making sure employees know their basic data security measures through the implementation of programmatic security training.
3. Malware
Malware, or software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system, isn’t just a problem for personal computers at the homes of employees, it’s an ever-expanding threat aimed directly at your company’s systems. According to the Verizon DBIR 2015, “5 malware events occur every second.” This same study found that many malware programs come from just a few different “families.” According to Verizon, “20 families represented about 70% of all malware activity.” The main reason is that many hackers make minor modifications to existing malware programs to try and make them unrecognizable to antivirus programs, while still producing the intended effect.
Installing anti-virus and anti-spyware software and the use of multi-factor authentication are just two ways to help prevent malware attacks.
4. Insider Misuse
This cause of company data, while closely related to human error, is more deceptive in nature. Human error infers an innocent accident or mistake. In contrast, Insider misuse is the deliberate abuse of your company’s systems by an authorized user, typically for personal or financial gain.
With Insider Misuse, the malicious actor is someone in whom your organization has placed trust. And oftentimes insider abuse is not discovered until the forensic examination of the abuser’s devices after he/she has left the company.
While difficult to prevent, damage from Insider Abuse can be limited through the compartmentalization of information on your network or cloud. The fewer files and systems a single user can access, the harder it is for them to abuse their access.
5. Physical Theft of a Data-Carrying Device
How many times have you been working out of your local coffee shop only to leave your table for a few minutes to refill your cup? Last on this list of common data causes of data breaches is the physical theft of a device that holds a company’s sensitive information. This can include laptops, desktops, smartphones, tablets, hard drives, thumb drives, CDs & DVDs, or even servers.
The severity of a data breach from a stolen device depends largely on the nature of the information stored on the device. More sensitive info generally equals a more severe data breach if the device is stolen without being wiped.
Most of these thefts are opportunistic in nature, making them difficult to predict. The best solution is often to reduce the opportunities for removing data-storing devices from the work site.
Security concern is a function of threat and vulnerability. Know where your organization stands in protecting itself from a server data or security breach. Contact us today to assess your security solution needs. www.PulseOne.com
