Data Breach

December 20, 2022

Data breach definition

A data breach is a security incident where an organization’s data is illegally stolen, copied, viewed, or released by an unauthorized individual or group. Common forms of targeted data include personally identifiable information (PII), proprietary information, financial information, and other sensitive material.

How do data breaches happen?

Any organization with sensitive data can be the subject of a data breach regardless of size or industry sector. Attack methods vary, but all data breaches follow four broad steps:

1. Planning2. Intrusion3. Positioning4. Exfiltration
Threat actors research and study a target organization, probing systems and identifying vulnerabilities. With a weakness identified, threat actors use an access tactic such as phishing to gain entry to a system.The threat actors next move through the victim organization’s network as needed to collect their target data. Data is copied or retrieved from the system. This can happen both immediately after an initial intrusion or months later.

To complete this cycle, threat actors leverage numerous tactics to obtain data. Common methods include:

Stolen or compromised credentials: The threat actor uses a legitimate user’s credentials such as their login and password to access a target system.

Phishing: A malicious email using social engineering to manipulate the reader into giving the sender sensitive information such as credentials or access to a larger computer network.

Breach of third party software: Exploiting a flaw in a software used by the target organization. For example, leveraging a flaw in Microsoft Word’s code to access a company’s network.

Malicious insider: A person within the target organization who intentionally uses their access to steal data or help others steal data.

Accidental data loss: Can include the accidental publishing of sensitive data to the internet, a legitimate user unintentionally releasing their credentials, loss of equipment, and other mishaps.

The top 5 ways a data breach occurred in 2022

According to research from the Ponemon Institute, the most common breach methods were:

  1. 19% – Stolen or compromised credentials
  2. 16% – Phishing
  3. 15% – Cloud misconfigurations
  4. 13% – Breach of third party software
  5. 11% – Malicious insider

Consequences of a data breach

Many data breaches can go months before the victim organization detects the intrusion and often costs millions of dollars in recovery. Some of the major consequences from a data breach include:

  • 4.35 million dollars: the average cost of a data breach globally in 2022, an all-time high. (IBM Report)
  • 9.44 million dollars: The average cost of a data breach in the United States in 2022, the highest of any nation.
  • (IBM Report)
  • 277 days: The average time to identify and contain a data breach in 2022. Broken down, this was 207 days to identify the breach and 70 days to contain the breach. (IBM Report)
  • Loss of customer trust and long term damage to the reputation of the impacted organization.
  • An inability to conduct business to include severe delays and complete halts in operation.
  • Further exploitation. Sometimes an initial data breach is just the first step in a longer intrusion campaign targeting an organization.

Examples of recent and famous data breaches

Yahoo, August 2013: Widely considered the biggest data breach of all time with 3 billion accounts impacted. In 2013, the company announced an initial estimate of 1 billion, then in 2017, increased the number to 3 billion demonstrating the difficulty of accurately assessing the damage of a breach immediately after it occurs. Hackers stole account information such as names, email addresses, birth dates, passwords, and more.

Solar Winds, April 2021: A routine update for the Company’s Orion software turned out to be a malicious intrusion tactic by hackers supporting the Russian intelligence service. Solar Winds estimated 18,000 personnel downloaded the false update leading to an estimated compromise of about 100 companies and a dozen government agencies.

LinkedIn, June 2021: The professional networking social media company found 90% of its user base impacted when data associated with 700 million of its members was posted to a dark web forum. A hacker group executed data scraping tactics to exploit LinkedIn’s API and retrieve information such as email addresses, phone numbers, geolocation records, and more.

11 Tips to prevent a data breach

There’s no better time than the present to start securing and preparing your organization to prevent a data breach. It’s not a question of if you’ll be targeted but when.

1. Have a data breach response plan in place

An effective plan should establish best practices, define key roles and responsibilities, and define a process for the organization’s response. Focus on restoring data and systems’ confidentiality, integrity and availability, and external requirements such as contacting an insurance carrier or law enforcement entity.

2. Develop a cyber strategy and roadmap

Once you understand the risks to your organization and the gaps within your cybersecurity defenses, set goals to mitigate risk. These efforts should be prioritized as part of a strategic roadmap to improve your overall cybersecurity.

3. Augment your IT team with scalable cybersecurity expertise and resources

Cyber talent is hard to find and expensive to retain. Professional security consultants have access to the latest threat intelligence to guide your cybersecurity and response to any intrusions or detected events.

4. Identify, isolate and log access to critical data

Focus your limited resources on those areas of the network that are most critical to your business. Determine where your most  sensitive data or networks are located and implement increased logging and network monitoring. Actively monitor network access.

5. Execute software updates

Patching operating systems and third-party applications is one of the most inexpensive, yet effective ways to harden a network. Build a strong patch management process and ensure that critical security patches are installed as soon as  possible. Update legacy software and systems.

6. Manage user credentials rigorously

The news is littered with companies that didn’t adequately protect their user accounts. Passwords are consistently reported as being offered for sale on the darknet. If your organization maintains user accounts, audit your password storage functions.

7. Require two-factor authentication (2FA) at login

Remote access into your network should always require two-factor authentication. Consider also requiring 2FA for sensitive administrative accounts.

8. Change default passwords

One of the simplest attacks is to use a default password that is shipped out-of-the-box by a vendor. Default passwords, especially for hardware devices (e.g., Wi-Fi routers), can allow direct access to critical data.

9. Train like you fight

Testing readiness with tabletop exercises offers immense benefits when it comes to being operationally ready for a data breach. Working through roles, responsibilities and the steps of a complete incident response plan prepares a team for action and identifies weaknesses.

10. Educate your staff

Training and educating your staff enhances and expands cybersecurity abilities. Consider classes on threat hunting to ensure a proactive approach to detecting intrusion attempts.

11. Encourage information sharing

Organizations that are better able to detect and respond to breaches often have integrated fraud and IT security departments. Encourage regular information sharing in your organization.

Protect your data with CrowdStrike Falcon

Data breaches are prolific and your organization’s security will only be as strong as your personnel and their ability to detect threats. Try the industry leading software platform with a free trial. Start protecting your data today.

Start Free Trial