A security breach is a problem of our times. Recently, we talk a lot about the security of the digital sector that, even if it has been existing for decades, never really concerned every one of us on such a scale. It’s only since cameras and computers have entered our houses and became widespread that they instantly started to raise fears. What precisely “a security breach” means? According to specialists, it’s an incident that results in unauthorized access to computer data, applications, networks, or devices. Typically, it occurs when an intruder is able to bypass security mechanisms.
Security Breach: What You Need to Know
Security breaches are announced almost every day, affecting millions of individuals. The media report thousands, if not millions of people victimized by data breaches daily: Target, eBay, Jimmy John’s, Neiman Marcus, and Home Depot were all hit by hackers. There were 160,000 breach notifications across the EU-28 and Norway, Liechtenstein and Iceland with €114 million in fines imposed in the period between May 25, 2018, and January 27, 2019.
Verizon’s annual Data Breach Investigations Report for 2020 reviewed 32,002 security incidents and confirmed 3,950 data breaches across 16 industries. Approximately 62 percent of them impact smaller businesses. These security breaches are more than just data loss. The biggest issue is an influence they have on the overall availability of services, the reliability of products, and the public trust in a brand.
Five top things to know about the cyber threat
– It’s getting personal. Email addresses, names, phone numbers, etc. Personal data was involved in 58% of breaches, twice the percentage as last year. Improved reporting may account for some of that rise, though.
– It’s all about the money. Corporate espionage accounts for 10% of breaches. 86% are financially motivated. Those headline-grabbing advanced persistent threats? 4%.
– It’s coming from inside the enterprise. Internal error-related breaches doubled to its highest level yet. Again, some of this may be due to improved reporting thanks to laws like the GDPR.
– It’s because of humans. More than 67% of breaches were as a result of credential theft like phishing, social attacks, or just plain human error. Increased reporting or no, the percentage that’s our fault stayed steady.
– It’s moving to the web. Attacks on web apps doubled to be part of 43% of breaches, which makes sense as we move to web apps the attackers follow. Less than 20% of the breaches were because of vulnerabilities. The majority were credentials that were stolen or brute-forced.
The countries with the most GDPR data breaches
The EU’s General Data Protection Regulation or GDPR provides individuals with control over their personal data and unify EU regulation. DLA Piper released data showing the level of GDPR data breaches across the EU and EEA between May 25, 2018, and January 27, 2019. As we see below, the Netherlands had the highest number of breaches during the period examined, followed by Germany and the United Kingdom.
The Netherlands also had the highest number per 100,000 of its inhabitants, with 147.20, followed by Ireland’s 132.52. Interestingly, despite having only 3.2 branches per 100,000 people, France had the highest value of imposed fines at €51.1 million, followed by Germany that imposed €18.1 million.
To check some of the world’s biggest data breaches and hacks, see this animated graph or the other one. Commenting on the newest, 2020 report, Ross McKean, a partner at DLA Piper specializing in cyber and data protection, says: “GDPR has driven the issue of data breach well and truly into the open. The rate of breach notification has increased by over 12% compared to last year’s report, and regulators have been busy road-testing their new powers to sanction and fine organizations”.
What do we fear?
Cameras and devices that we use daily need security tools. This branch of protection is also known as cybersecurity. A security breach means a successful attempt by an attacker to gain unauthorized access to an organization’s computer systems. A data breach is when someone illegally obtains information about your customers, causing them to suffer from identity theft and fraudulent credit card charges.
Breaches may involve the theft of sensitive data, corruption or sabotage of data or IT systems, or actions intended to deface websites or cause damage to reputation. Today’s consumers use personal computers and mobile devices to conduct online transactions.
And as this procedure was becoming more and more common, criminals have learned to attack large networks and steal data records, committing identity fraud on a massive scale. It doesn’t surprise that with so much at stake, customers, employees, revenue, and the good name and reputation, the fear of being attacked raises concerns in companies and private users. We have reasons to keep us aware of this threat because it’s real and common.
Types of a security breach
There are the following attack methods:
– Hacking – Major corporations are prime targets for attackers attempting to cause data breaches because they offer such a large payload (millions of users’ personal and financial information, such as login credentials and credit card numbers). This data can all be resold on the black market.
– Lost or stolen credentials – The simplest way to view private data online is by using someone else’s login credentials to sign into a service. To that end, attackers employ a litany of strategies to get their hands on people’s logins and passwords. These include brute force attacks and man-in-the-middle attacks.
– User error (lost media containing data, computer left unlocked, etc.)
– Social engineering attacks – social engineering involves using psychological manipulation to trick people into handing over sensitive information. For example, an attacker may pose as an IRS agent and call victims on the phone in an attempt to convince them to share their bank account information.
– Malware– Cybercriminals often use malicious software to break into protected networks. Viruses, spyware, and other types of malware often arrive by email or from downloads from the internet. You might receive an email with an attached text, image, or audio file, and opening it could infect your computer. Otherwise, you might download an infected program.
– Credential fraud – After someone’s login credentials are exposed, an attacker may try re-using those same credentials on dozens of other platforms. If that user logs in with the same username and password on multiple services, the attacker may gain access to the victim’s email, social media, and online banking accounts.
– Physical attacks (e.g., skimming hardware on ATMs, physical point-of-sale attacks) – These attacks target credit and debit card information and most often involve the devices that scan and read these cards. For example, someone could set up a fake ATM or even install a scanner onto a legitimate ATM in hopes of gathering cards and PINs.
– Insider attacks (“misuse” of privilege, unapproved hardware/software) – These involve people who have access to protected information deliberately exposing that data, often for personal gain. Examples include a restaurant server copying customers’ credit card numbers as well as high-level government employees selling secrets to foreign states.
What do you do if you are under attack?
Data breaches come in so many forms. Not surprisingly, there is no single solution to stop them, and what’s needed is a holistic approach. Let’s begin with a common-sense approach to data security. This involves practices such as unique passwords for online services, not using credit cards with suspicious vendors. Further, keeping software up to date with security patches and use security software (antivirus and malware blockers) that will help mitigate data breaches.
Employers should ensure that their employees only have the minimum amount of access and permissions necessary to do their jobs. Companies should also prepare a response plan to be executed in the case of a data breach, to be able to successfully minimize or contain the leak of information.
Be aware of bad habits
If your business practices any of these habits, you could be in threat of a data breach:
– Using old, familiar technology. This is an easy way to breach – it was Target’s issue.
– Using the same POS system at all of your locations. Once someone figures out the system, they have access to all your stores; that one was Jimmy John’s issue.
– Not updating your information encryption. Even if info is stolen, it’s useless if it’s encrypted; this was Home Depot’s issue.
– Insecure employee login credentials. Be sure to protect yourself by using strong and different passwords on all devices and software, change them often, and tell them to no one; this issue happened at eBay’s.
– Not monitoring computer systems. Monitoring not only helps keep breaches from occurring but if one does occur, you’ll catch it quickly before a greater amount of damage is done; this was Neiman Marcus’s case.
How can you plan and protect?
Data Protection is about planning and protecting yourself from a disastrous data breach to guard against the attack methods. It may include consulting professionals, who specialize in preventing identity theft and offer data breach services. You can do more to shield your employees and business partners by understanding the risks of identity fraud, determining how serious a threat can be to your company, and preparing a data breach protection plan against being compromised before it happens to you.
A data breach response plan is a strategy put in place to combat breaches after they occur to diminish their impact. A well thought out plan ensures every person in a company knows their role during a breach to discover, respond, and contain it promptly. These plans provide peace of mind during a crisis since the steps are already tested and laid out, as opposed to formulating a plan amid a breach. Three factors that crucially impact data breach response time are preparation, technology, and privacy laws.