A data breach occurs when sensitive, confidential or protected information is accessed, disclosed, stolen or used by an unauthorised individual or organisation. Businesses and individuals need correctly configured cyber security protection against potential cyber threats, including data breaches.
A data breach is unauthorised access or acquisition of sensitive information from a computer system or database, such as personal data or financial information. This can happen through hacking, phishing, malware, or other means. The consequences of a data breach can include identity theft, financial loss, and reputational damage to an organisation or individual.
The pandemic caused a significant move to remote access to systems and data, and malicious activity has increased sharply as a result. Malware attacks, particularly ransomware, have increased, as have network-based attacks to deny service to corporate systems. Such attacks are not limited to corporate systems.
Home networks are also targets. The threats to home systems have increased with always-on fibre or cellular connections to home networks. Home security systems could be switched off, or access to treasured family memories stolen.
Most organisations have ramped up their cyber security and are continuing to do so. Most home networks need to do the same.
It’s fair to say that user action or inaction, malicious or innocent, can enable a data breach.
Common attack vectors for data breaches include:
- Phishing scams – Simply put, an attempt to trick individuals into revealing sensitive information, such as login credentials or financial information. A user, seeing an email apparently from a colleague or trusted sender, clicks on a link that either takes them to a fake website or installs malware on their computer. The website and malware harvest user credentials.
- Malware – Users inadvertently download malicious software that can infect a computer or network, potentially giving attackers access to sensitive information.
- Ransomware – A particular type of malware that encrypts a victim’s files and demands a ransom payment in exchange for the decryption key. Again, user action is needed to download it. Strictly speaking, it is not a data breach, but a data breach can be a side-effect of a ransomware attack.
- False IT Support – Some calls pretending to be from IT Support ask for remote access to your desktop. When permitted, they install malware that steals your credentials and later use them to access confidential corporate information.
- SQL injection – A technique used to exploit vulnerabilities in web applications, allowing attackers to execute arbitrary SQL commands and potentially gain access to sensitive information.
- Social engineering – Attempts to manipulate individuals into divulging sensitive information, such as through pretexting, baiting, or tailgating.
- Insider threats – Employees or contractors who have access to sensitive information and may misuse it for personal gain or to cause harm to the organisation.
A specific category is terminated or resigned employees. Once an employee is terminated or resigns, their access credentials must be revoked. A disgruntled employee can cause havoc in a network environment, and a departing employee can steal confidential information for later use.
- Weak or stolen credentials – Passwords or other authentication information that is easily guessed, stolen, or obtained through phishing or other means.
- Unpatched software – Outdated software that may have known vulnerabilities that have not been addressed with a patch or update.
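The requirement above that a departing employee's credentials be revoked can be checked routinely by comparing an HR leaver list against a directory export. The following is an added example, not part of the original article; the user names, dates and the `audit_offboarding` function are constructed for illustration, and it assumes both exports are available as simple mappings.

```python
from datetime import date, datetime

# Constructed sample data (not from the original page).
# HR export: user id -> last working day.
HR_LEAVERS = {
    "asmith": date(2024, 3, 1),
    "bjones": date(2024, 3, 15),
    "cwhite": date(2024, 4, 2),
}

# Directory export: user id -> (account enabled?, last successful login or None).
DIRECTORY = {
    "asmith": (False, datetime(2024, 2, 29, 17, 5)),   # revoked correctly
    "bjones": (True,  datetime(2024, 3, 20, 23, 41)),  # enabled and used after leaving
    "cwhite": (True,  datetime(2024, 4, 1, 9, 12)),    # enabled, not used since leaving
    "dgreen": (True,  datetime(2024, 4, 10, 8, 30)),   # current employee
}


def audit_offboarding(leavers, directory, today):
    """Return findings for leavers whose access was not revoked.

    Each finding is (user, severity, reason). "high" means the account was
    used after the leaving date, which needs incident-response follow-up,
    not just disabling the account.
    """
    findings = []
    for user, left_on in sorted(leavers.items()):
        if left_on > today or user not in directory:
            continue  # not yet departed, or account already deleted
        enabled, last_login = directory[user]
        used_after = last_login is not None and last_login.date() > left_on
        if used_after:
            findings.append((user, "high", f"login on {last_login.date()} after leaving {left_on}"))
        elif enabled:
            findings.append((user, "medium", f"account still enabled after leaving {left_on}"))
    return findings


if __name__ == "__main__":
    for user, severity, reason in audit_offboarding(HR_LEAVERS, DIRECTORY, date(2024, 4, 15)):
        print(f"[{severity}] {user}: {reason}")
```
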
Data Breach – How to Know When You are Involved in One
If you suspect that you are involved in a data breach, there are a few signs to look out for, such as:
- Unusual activity on your accounts, such as unauthorised purchases or login attempts.
- Emails or texts from unfamiliar sources asking for personal information.
- Pop-up messages or phone calls claiming to be from your bank or other financial institution asking for personal information.
Data Breach – What to Do Next
If you suspect that you have been a victim of a data breach, you should take the following steps:
For a corporate network, report it to IT immediately.
For a home network:
- Report the incident to the relevant authorities, such as the police and the Federal Trade Commission (FTC) in the US. You may need to do this as a condition of insurance coverage.
- Change your passwords for all affected accounts.
- Monitor your accounts for any suspicious activity.
- Contact your bank or financial institution to report the breach and ask for their guidance on how to proceed.
- Consider signing up for a credit monitoring service to keep an eye on your credit reports and financial accounts.
It is important to be vigilant and take immediate action if you suspect that you have been a victim of a data breach, as it can help to minimise the damage and protect yourself from potential fraud or identity theft.