Any accidental or deliberate disclosure of confidential information to an unknown network is a Data Breach. The United States of America and most European countries account for an overwhelming majority of the significant data breaches. What’s more worrying is the rate at which data breaches are hitting and impacting businesses shows no signs of slowing.
What is Data Breach & Types
In general, there are three types of data breaches. They are:
- Physical – It can also be referred to as ‘Corporate Espionage’ or efforts to obtain trade secrets by dishonest means, such as computer tapping.
- Electronic – unauthorized access to a system or network environment where data is processed, stored, or transmitted. Access can be obtained via web servers or websites to a system’s vulnerabilities through application-level attacks.
- Skimming is the capturing and recording of magnetic stripe data on the back of credit cards and debit cards. This process uses an external device which is sometimes installed on a merchant’s POS without their knowledge.
Recent Data Breach Incidents
Several incidents of data breaches resulted in the selected loss of 30,000 records in the recent past. You can find more information about it in the form of a visual representation on this website. It offers a beautiful & informative tour of the world’s most significant data breaches in recent years.
Some of the significant Data Breaches were:
Madison Square Garden Credit card data breach: Massive year-long credit card breach was reported at Madison Square at four of its venues in New York City. The breach compromised credit and debit cards used at concession stands.
Yahoo Email Accounts Hacking: The email giant discovered a major cyber attack when an unauthorized party broke into the accounts of Yahoo users via “forged ‘cookies'” – bits of code lying hidden in the user’s browser cache so that a website doesn’t require a login with every visit. The company claimed the breaches were “state-sponsored” and acknowledged that a hacker accessed proprietary code.
Anthem: In Feb 2015, D.O.B, member ID. The social security number and other related information of the members of Anthem, the second-largest health insurer in the US, was stolen. The medical data breach of the information held by Anthem Inc affected 80,000,000 users.
Brazzers Data breach: In September 2016, Hackers cracked adult site Brazzers, spilling details of over 8 lakh users. This included unique email addresses, user names, plaintext passwords, and more. Fortunately, most of the entries were duplicates.
Dailymotion attack: One of the world’s most popular video sharing sites suffered a data breach that involved the loss of tens of millions of users’ email addresses and associated passwords on 6th December 2016.
Ways to Prevent Data Breaches
Preparedness and Proactivity are the keys to stopping this growing menace. More energy and efforts are put into cleaning up the mess, after a breach has occurred than planning for the breach and having a quick response system in advance. Everyone should have an incident response plan to control the situation during a breach. It helps control actions and communication and ultimately lessens the impact of a breach.
A vast majority of the data breach incidents can be stopped by resorting to an approach of a layered defense. This approach to network security ensures that if an attacker penetrates one layer of defense, he is immediately stopped by a subsequent layer. How is this done? By reducing the Attack Surface.
Attack Surface
The term denotes the total sum of the vulnerabilities in each computing device or network access to a hacker. Anyone attempting to break into a system begins mainly by scanning the target’s attack surface for possible attack vectors (whether for an active attack or passive attack). So, the first step in strengthening the defense is to close unnecessarily open ports and limit the resources available to untrusted users through MAC address filtering.
Reducing Vulnerability to Phishing Attacks
Phishing is one of the most widely used methods of identity theft. One can stay safe and avoid falling prey to it by keeping a check on simple things like staying alerted of emails that come from unrecognized senders, emails that aren’t personalized, and emails that ask you to confirm personal or financial information over the Internet and make urgent requests for this information.
Besides these, several industry guidelines and government compliance regulations mandate strict governance of sensitive or personal data to avoid data breaches. Countries where such a framework is absent or weak should adopt robust laws to protect consumers.
What are the types of data breaches?
Physical data breaches, electronic data breaches, and skimmed data breaches are all different types of breaches. Risk and consequences are similar across all of them, but how they are executed differs.
How is an internal data breach identified?
An internal data breach discovery plan can be set up in two easy steps. An overview of the process looks like this: Identify data of value – finding the data sets that relate to business processes is the easy part. The hardest part is finding out if any copies of the data exist elsewhere.
