What Is a Data Breach?
A data breach is a security incident in which sensitive, confidential, or protected information is accessed or disclosed without authorization. Examples of sensitive data that may be stolen, viewed, copied, or transmitted include credit card numbers, Social Security numbers, medical records, banking information, and more.
Data breaches can occur when a cybercriminal steals local files by physically accessing a computer or network, but more commonly, a cybercriminal will gain access to sensitive information by bypassing network security remotely. Here are the steps typically involved in a data breach, according to Trend Micro:
- Research: The cybercriminal looks for weaknesses in a company’s security. This could be weaknesses within people, systems, or a network.
- Attack: Then the cybercriminal makes initial contact using either a network or social attack.
- Network or Social Attack: In a network attack, a cybercriminal uses weaknesses in infrastructure, systems, and applications to infiltrate an organization’s network. In a social attack, a cybercriminal tricks or baits employees into giving access to a company’s network. Social engineering can take many different forms. Phishing is a common form of social engineering and often occurs through a malicious link, attachment, or email.
- Exfiltration: After a cybercriminal gains access to a computer, he or she can attack the network, find confidential data, and extract it.
The Cost of a Data Breach
According to the 2019 Cost of a Data Breach Report, the average total cost of a data breach in the U.S. is $8.19 million. It’s important to note that the costs of a data breach vary according to the cause and the safeguards in place at the time of the data breach. The cost of a data breach is complex and is made up of several components:
- Breach detection and escalation: Detecting a breach and escalating it to the proper groups is essential and can be costly. Some organizations will incur costs from audit services and forensic activities.
- Notification costs: Organizations that suffer a data breach need to notify the affected companies and individuals whose data was compromised in the breach.
- Post data breach response: After a data breach, organizations may incur regulatory fines, legal costs, and costs associated with reparation.
- Lost business: System downtime, lost customers, reputation loss, and business disruption all contribute to lost business costs.
Generally, the quicker an organization can detect and resolve a data breach, the better the outcome and lower the costs. The average time to identify a breach in 2019 was 206 days and the average time to contain a breach was 73 days, for a total of 279 days.
After experiencing a data breach, organizations that had deployed automated security solutions saw significantly lower costs. Organizations that had not deployed security automation experienced breach costs that were 95% higher.
Main Causes of a Data Breach
Data breaches can be perplexing. How exactly does a cybercriminal gain access to an organization’s confidential data? The Data Breach Report found that there are 3 main causes of a data breach: malicious or criminal attack, system glitch, and human error.
- Malicious or criminal attack: Malicious attacks are the most common cause of a data breach, as well as the costliest cause. Generally, it takes substantially longer to identify and contain a breach in the case of a malicious attack.
- System glitch: System glitches refer to unplanned failures that cannot be tied to a human action.
- Human error: Human error refers to an insider who unintentionally compromises data through social engineering, lost devices, etc.
How to Minimize the Financial Impact of a Data Breach
Many organizations wonder if there are specific steps they can take to minimize the financial consequences of a data breach. Based on research of what causes higher data breach costs, the Data Breach Report outlines a few steps that can help:
- Have an incident response team, create an incident response plan, and then be sure to test it.
- Improve customer trust to reduce turnover in the event of a breach.
- Discover, classify, and encrypt sensitive data and identify database misconfigurations.
- Invest in technologies that help improve the ability to rapidly detect and contain a data breach.
- Invest in governance, risk management, and compliance programs to help evaluate risk and ensure you’re meeting regulatory requirements.
- Minimize the complexity of IT and security environments.
What To Do After a Data Breach
If your organization has been the target of a data breach, you may be wondering what steps you should take next. Although steps will vary based on your organization and the severity of the breach, there are a few common steps that most organizations will take after a data breach.
- Secure your operations: It’s crucial that you secure your systems and fix the vulnerabilities that caused the data breach in order to stop additional data loss.
- Analyze and verify: Check your network segmentation, analyze your backups, and verify what data was compromised.
- Notify the appropriate parties: You should notify law enforcement, other affected businesses, and affected individuals. Be sure to look into your legal requirements. In some cases, you may be required to notify the Federal Trade Commission (FTC) and the media.
For a more detailed response plan, check out this guide from the FTC.
How RTI Can Help
A partner like Riverside Technologies, Inc. (RTI) can help ensure your data is secure. Through automated remote alert remediation and 24/7 remote monitoring, we can quickly detect and resolve issues before they cause downtime. Contact our experts today to learn more!
Date Posted: 10/14/19
Date Last Updated: 10/14/19
By: RTI Marketing Team