The Basics of Data Breaches
For businesses, the risk of cyberattacks is a very real threat. Businesses hold significant amounts of data about their customers – often financial – so it’s vital to have processes in place to protect against data breaches.
A data breach occurs when sensitive, confidential or protected data is exposed, viewed and often shared without permission. This usually happens as a result of a cyberattack.
Data breaches are often confused with data leaks. In fact, they’re two different things. A data breach occurs as a result of a cyberattack from an outside trigger, whereas a data leak is when the data is unknowingly exposed from an internal trigger. Although the outcomes are similar, the way that the exposure is caused differs.
The Most Common Types of Data Breaches
To protect yourself and your business from data breaches, it’s important to understand where the threat is likely to come from. The most common types of data breaches are:
- Phishing —Phishing attacks occur when fraudsters create websites or emails that mimic genuine websites or brands with the aim of getting important information. They will often copy colors, fonts, logos and branding to trick people into believing that they are someone else and divulge information—often financial.
- Malware—Malware such as ransomware attacks occur when hackers manage to access your system, and then hold the business ransom under the threat of releasing or deleting the information.
- Man–in–the–middle (MITM)—A man–in–the–middle cyberattack occurs when an attacker manages to intercept communication between two entities. With this accomplished, they’re able to obtain sensitive information; often financial data such as bank details and customers’ personal information.
- Denial-of-service (DoS)—A denial of service attack is a type of cyberattack whereby the targeted business’ website is flooded with traffic, meaning that their systems become overwhelmed, disrupting the business’s normal service.
What are the Costs of a Data Breach?
Data breaches can be very costly and extremely stressful and disruptive to both businesses and their customers.
As a consequence of a data breach, there may be a lack of trust in a business by their customers. The breakdown of the business–customer relationship can significantly affect a consumer’s willingness to use or buy from a business going forward, costing both in loss of revenue from returning and loyal customers and also the need to spend more on finding and onboarding new customers.
Data breaches can cause costly downtime. Every second that customers cannot access a website or service costs money through loss of revenue. In addition, any time that employees are unable to access computer systems also costs time and efficiency.
Lastly, there’s a significant cost to the recovery of data. You might need to pay a company to restore your systems or use a significant amount of employee time to do this.
Infamous Data Breaches
There have been countless data breaches in the past few years, sometimes happening to very large companies with extensive security measures.
- In 2013, Adobe found that 153 million users’ accounts were breached. The breached data consisted of email addresses, encrypted passwords and password hints, plus internal IDs.
- In 2017, Yahoo found that hackers had compromised one billion accounts. Security questions (and answers) and passwords were stolen, heightening the chance of identity theft. This is still known as one of the largest data breaches in history.
- EasyJet suffered a cyberattack in 2020 that resulted in the theft of travel details, email addresses and credit card details of 2,208 of their customers. It was a highly sophisticated cyberattack that violated the EU GDPR regulations.
- In 2021, LinkedIn found that data that was linked to 700 million users was posted onto the dark web for sale. It’s estimated that this impacted 92% of LinkedIn’s users, exposing user information such as email addresses, phone numbers, geolocation records, gender and other social media account information.
Prevention of Data Breaches
There’s not one single thing that companies can do to help to prevent data breaches. It’s important to use a layered, defense-in-depth strategy and a continuous process of staying as up-to-date as possible on threats, attack vectors, vulnerabilities and mitigations as the digital world is continuously evolving.
Although there’s always going to be a risk of cyberattacks as cybercriminals become increasingly adept at stealing data, here are some ways that businesses can protect their data:
- Evaluate vendors’ security measures
Even if a business’s security is watertight, its vendors’ security may not be. The business’ and their customers’ data can be at risk from any vendor they integrate with. To reduce this risk, a company should evaluate its security measures and put its own in place to minimize this risk.
- Educate employees
Although not necessarily done on purpose, humans can be a weak point in the security system. Educating employees about potential data security risks, including how to identify phishing emails, will help to prevent successful cyberattacks.
- Set up alerts
Alerts, such as multiple log-in attempt alerts, can be a good indicator of a potential data breach. Businesses can set up these alerts alongside a system for monitoring and evaluating them so that they can catch these attacks before they escalate.
- Have a disaster recovery plan
Sometimes the worst does happen and it’s important for companies to have a disaster recovery plan in place if it does. Recovering and restoring data as quickly as possible and reducing downtime are imperative. When reviewing a disaster recovery plan, there are various bases to cover, including virtual readiness, workload mobility and scalability.
The digital world is constantly changing and cyberattacks are becoming more sophisticated. In today’s world, cybersecurity and data breach prevention are aspects of today’s business that we can’t afford to ignore.
