All about Data Breaches, How They Happen and Their Impact
Data breaches have become very common, a data breach is no longer news- you may say! Yes, this is true, to a very great extent. But, let’s look at the other side of it. As data breaches turn increasingly common, governments, organizations and individual users are also stepping up defenses to combat the breaches. Stricter regulations are in place, better security software become available in the market and all kinds of preventive measures are being adopted, to avoid data breaches from happening. One the one hand data breaches continue to happen while on the other hand, the battle against data breaches continues, with doubled energy and enthusiasm.
Data Breach: What is it?
A successful infiltration of a data source, bypassing network security and other access controls, and the consequent extraction of sensitive data etc are things that constitute a data breach. A cybercriminal can execute a data breach either by physically accessing a computer/network or by remotely accessing it, bypassing security protocols. It’s usually the remote kind of data breach attacks that hackers carry out against companies and organizations, though sometimes they try accessing systems physically as well.
The different stages of a data breach operation:
There are three basic stages of a typical data breach campaign, namely research, attack and exfiltration.
The data breach campaign usually begins with research, during which the cybercriminal would probe for holes in the organization’s security. The vulnerability could pertain to people, systems or an entire network. The second stage is the attack phase; the hacker would infiltrate an organization’s network exploiting the weakness that has been detected during the research. It could even be a social engineering attack, which is all about tricking an employee into giving out his/her login credentials or making him/her click on a link with a malicious payload. The third phase, exfiltration, is all about the hacker getting access to the data that the organization has secured and the consequent successful extraction of the data to some external location.
The types of data that cybercriminals target
Cybercriminals who plan data breaches target different kinds of data. This may include business data, medical/healthcare data, banking/financial/credit data, government data, military data, educational data etc. Thus, they target business organizations, government agencies, healthcare firms, education institutions, universities, banks, insurance firms and steal all kinds of data. Of the data that’s stolen, personal information pertaining to the target organizations’ customers can be used for further frauds, including banking frauds, identity theft, blackmailing etc. Such data could also be sold in bulk in the underground markets. The specific kinds of information that hackers look for include card data, name and address, date of birth, Social Security number, email address, telephone number, banking account number, educational data, clinical information, claims information etc. By targeting large companies, hackers can manage to obtain such personal data in large amounts.
Some notable data breach campaigns
Some of the most notable data breach campaigns in recent times include the Equifax hack of July 2017, the Yahoo hack of 2013, the eBay hack of 2014, the Heartland Payment Systems hack of March 2008, the Uber data breach of 2017, the Target hack of 2013, the Timehop hack of 2018 etc.
How to tackle data breaches…
If you have the slightest suspicion that you have been hacked, inform the right people promptly. If you run an organization and it is hacked, inform law enforcement and related authorities. It’s also advisable to initiate an investigation into the incident. If you are an individual, inform concerned authorities, like for example, the bank authorities in case your bank account or card has been hacked. Check your account/card statements and notify the bank if you detect any irregularity.
There are certain things you can do to prevent data breaches. This includes educating yourself about data breaches, staying cautious with incoming emails (to prevent phishing scams), double checking email addresses of all incoming emails, especially those asking for personal info or asking you to click on a link/download a file, proper password management, installing security software (antivirus/antimalware) etc.