2018 was dubbed the ‘Year of the Data Breach’ by cyber security experts. The list of major companies that were hacked that year was shocking, as it included some of the world’s most well-known tech, travel, and retail organizations. Often, an organization that has experienced a cyber security breach is not even aware of it for quite some time. A 2018 study by the Ponemon Institute revealed that, on average, data breaches go undiscovered for 197 days. Also disturbing is that it can take approximately 69 days to remedy the breach, meaning that by the time the failure has been detected and fixed, major damage has been done.
So, what exactly are cyber security breaches and how can you protect your business? We’ll explain below.
Technically speaking, a data breach isn’t an attack or threat. Instead, it is a result of a cyber-attack that allowed hackers to gain access to an organization’s systems and steal sensitive, private or confidential data. This is commonly personal information or financials like consumer credit cards, addresses, identification numbers and more.
The cyber-attacks commonly behind cyber security and data breaches stem from broken or misconfigured access controls, spyware or phishing emails. Typically, the goal of a breach is to steal sensitive personal and financial information; however, hackers will steal whatever they can get and sell it on the black market. Sometimes, hackers will steal the data just because they can. In a famous case several years back, VTech suffered a breach involving the data of over 5 million people. The attacker who claimed responsibility simply flaunted their skills and said they would not be sharing the information with anyone.
There are a number of ways breaches happen and these are the most common.
Exploit – When an attacker takes advantage of a software vulnerability or bug to gain unauthorized access to an organization’s system and information, it is called an exploit. Software vulnerabilities often lie buried within system code, and it can be a race between a hacker finding the opportunity and cyber security experts fixing it. Commonly exploited software includes Microsoft Office, Adobe applications and internet browsers.
Spyware – Another common method is malware that infects a computer or network and steals information about its users, system usage and data. Often people install spyware without realizing it, through a seemingly harmless download.
Phishing – In these attacks, someone is prompted to share sensitive information like a username or password via social engineering tactics. The attacks play on emotions like fear and present themselves as something like an email that appears to come from a trusted source, such as someone’s bank, demanding that they verify their account number and password to confirm whether unauthorized purchases were made. Once someone enters that information, the hacker has access to that account.
SQL Injection – This is an attack against the SQL database behind an unsecured website. It attempts to get the website to divulge private information. For example, a hacker can try to manipulate a website into displaying customers’ names and information by entering code into an online search box, and there are many automated forms of this type of attack.
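The search-box case described above, shown as an added example that is not part of the original article: the same customer search written once with string concatenation and once with a bound parameter. The table, sample rows, search input and function names are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3


def make_db():
    # Constructed sample data: an in-memory customer table for the demo.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("Alice Smith", "alice@example.com"),
         ("Bob Jones", "bob@example.com"),
         ("Carol White", "carol@example.com")],
    )
    return db


def search_vulnerable(db, term):
    # Weak: the search text is pasted into the SQL string, so quote
    # characters in it change the structure of the query itself.
    sql = "SELECT name, email FROM customers WHERE name LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()


def search_parameterized(db, term):
    # Hardened: the query text is fixed and the search text is bound as
    # a value, so the database never interprets it as SQL.
    sql = "SELECT name, email FROM customers WHERE name LIKE ?"
    return db.execute(sql, ("%" + term + "%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "zzz' OR 1=1 --"  # constructed search-box input
    for label, fn in (("concatenated", search_vulnerable),
                      ("parameterized", search_parameterized)):
        print(label, "normal search :", fn(db, "Bob"))
        print(label, "crafted search:", fn(db, crafted))
```

Both versions behave the same for an ordinary search term; only the concatenated query returns the whole table for the crafted input, which is why parameterized queries are the standard fix.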
Being subject to a data breach can be incredibly damaging to an organization, from financial loss to a ruined reputation and lost consumer confidence. There’s no better time for businesses to prioritize taking action against potential cyber security breaches. To understand the risks your organization may face and how MBC can give you peace of mind that your data is secure, get a free assessment today.