Data breaches occur when information security and data security are compromised, resulting in sensitive information, personal information or other sensitive data being exposed, copied, transmitted, viewed, stolen or used by people with unauthorized access.
Cyber attacks, social engineering and phishing, ransomware and other types of malware, physical theft of hard drives, slow vulnerability assessment and patching cadence, bad information security policies, poor security awareness training and a lack of general cyber security measures can all result in data loss and data breaches.
Common targets that cyber criminals look for include:
- Financial information like credit card numbers
- Personal data like social security numbers to be used in identity theft
- Personally identifiable information (PII) like phone numbers and social media accounts
- General data that is valuable to your organization or your competitors such as suppliers and key business relationships
Whether your organization is a small business or large multinational, there are basic data breach prevention techniques you can use to reduce the risk of common security threats.
With the introduction of General Data Protection Regulation (GDPR) and other data breach notification requirements, protecting against data breaches and having an incident response plan for when you are breached is essential.
Does my organization need to worry about data breaches?
Regardless of the size of your organization, you should be worried about and doing your best to prevent data breaches.
When data breaches make the news, it's typically because it occured at a large multinational such as Yahoo, Google or Equifax. In fact, Yahoo has been the victim of many of the world's biggest data breaches. This can give small businesses a false sense of security, in reality small businesses are as much of a target of data breaches as large corporations.
Even small businesses possess valuable data that can be the target of cyber criminals:
- Employee personally identifiable information (PII) like birthdates, social security numbers and full names
- Client names, email addresses, phone numbers and passwords
- Banking information including account and routing numbers
- Credit card numbers
While it's true security breaches at large organizations net cybercriminals a higher payoff, small businesses tend to have fewer security protocols and no security team in place, making them easier targets.
The average cost of a data breach at small to midsize businesses is $86,500 in recovery expenses (1). For enterprises, this number rises to $861,000 (2). According to other reports, this number is more like $3.92 million.(4)
How do data breaches happen?
Attackers are becoming increasingly sophisticated at devising new ways to steal sensitive data. For example, the 2017 WannaCry ransomware worm impacted more than 200,000 victims in 150 countries (3) as a result of hackers exploiting a vulnerability in older versions of Microsoft Windows. The vulnerability was patched months prior but many Windows users never updated their operating system, leaving them vulnerable to the exploit.
However, many data breaches are not caused by sophisticated cyber threats. In fact, many cases are caused by simple human error such as poor configuration, no or weak encryption or third and fourth party vendor breaches. This is known as a data leak.
In general, there are several common sources for security breaches including:
- Data leaks
- Lost, stolen and cracked passwords
- Vulnerability exploits
- Poor configuration management
- Third and fourth-party data breaches
Even though attackers have been exploiting these techniques for years, many organizations still fall prey to them. As such, we'll walk through each in detail.
How to prevent data leaks
A data leak is when sensitive data or personally identifiable information (PII) is accidentally exposed physically, on the Internet or in any other form including lost hard drives or laptops. Data leaks allow cyber criminals or anyone to access data without gaining unauthorized access.
A common form of data leakage is called a cloud leak. This is when cloud data storage services like AWS is poorly configured, resulting in data being crawled by Google and exposed to the Internet. And while AWS does secure S3 buckets by default, we believe that S3 security is flawed by design and most people have poorly configured S3 permissions.
AWS isn't the only culprit for data leakage. Azure, Google Cloud Platform (GCP) and misconfigured GitHub repos have all proven to cause unintended data leakage if poorly configured. This is why configuration management tools are an important part of preventing data leaks and data breaches.
To prevent data leaks, use configuration management to ensure cloud services are not exposing data to the Internet.
How to prevent phishing related breaches
Phishing is a form of social engineering that attempts to gather sensitive information like login credentials, credit card numbers, bank account numbers and other financial information by masquerading as a legitimate site or email.
Phishing scams trick victims by using a sense of urgency or social pressure to get them to provide their details via email or on a fake website that mimics the real website.
Common phishing attempts target bank accounts, emails from colleagues, auction sites, social media and online payment processors like PayPal.
To prevent phishing, teach employees to carefully examine emails and text messages for fraudulent links and attachments. Another good measure is to introduce a password manager that will generally only input passwords on legitimate websites.
How to prevent passwords from being lost, stolen and cracked
In many cases, poor passwords can lead to data breaches. For example, an employee might write down their password and leave it on their desk in plain sight or use a common password that is easily cracked or guessed. Computing power is becoming increasingly cheap and common password lists are becoming increasingly long, so it's up to your organization to enforce strong password policies. If you need a hand, follow our password checklist.
To prevent password related data breaches, emphasize the need for password security with employees. Organizations should require employees to use strong passwords and not write them down. For systems that have sensitive data, consider adding multi-factor authentication that requires both a password and a one-time password to gain access.
How to prevent ransomware breaches
Ransomware is a type of malware designed to deny access to a computer or encrypt data until a ransom is paid. Ransomware will commonly spread through phishing or by exploiting vulnerabilities like WannaCry's exploitation of EternalBlue.
To prevent ransomware related data breaches, consider installing antimalware and antivirus software, backing up files so if an attack is successful files aren't lost and patch devices constantly.
How to prevent vulnerability exploit data breaches
A vulnerability is a weakness that can be exploited to gain unauthorized access to or perform unauthorized actions of a computer or other device. A great place to keep track of vulnerabilities is Common Vulnerabilities and Exposures (CVE), a list of publicly disclosed vulnerabilities and exposures.
To prevent vulnerability related data breaches, consider investing in a tool that automatically scans your organization for vulnerabilities and provides you with a cyber security rating.
How to prevent spyware breaches
Like ransomware, to prevent spyware consider antivirus and antimalware software and general cyber security awareness training.
How to prevent data breaches with configuration management
Configuration management (CM) is a form of IT service management (ITSM) that ensures the configuration of a system is known, good and trusted. CM is concerned with ensuring there is an accurate record of the state of a system and it can be baselined to ensure any changes are identified and where necessary reversed.
Configuration management can reduce the risk of security breaches that are result of poor configuration of cloud services by giving visibility and tracking of the changes to your systems.
Preventing configuration drift is important. Once data is exposed by error, it becomes very difficult for organizations to prove the data was not accessed at some point. Digital forensics won't catch everything, so understanding what data was exposed and to who is hard after the fact. Prevention is key.
How to prevent third and fourth-party data breaches
Every organization outsources part of its operations to multiple suppliers. Those suppliers in turn outsource their operations to other suppliers. This introduces third-party risk and fourth-party risk. This is why vendor risk management and third-party risk management are foundational to preventing data breaches.
Vendor risk management programs are a comprehensive plan for identifying and mitigating business uncertainties, legal liabilities and reputational damage that can result from third and fourth parties.
To prevent third and fourth-party data breaches, consider investing in a tool that can automatically monitor your vendors and their vendors for cybersecurity risks. You need to be able to find and monitor vendors, track their security performance over time and compare them against industry benchmarks.
How UpGuard can prevent data breaches and find leaked credentials
UpGuard BreachSight can help combat typosquatting, prevent data breaches and data leaks, avoiding regulatory fines and protecting your customer's trust through cyber security ratings and continuous exposure detection.
We can also help you continuously monitor, rate and send security questionnaires to your vendors to control third-party risk and fourth-party risk and improve your security posture, as well as automatically create an inventory, enforce policies, and detect unexpected changes to your IT infrastructure. Helping you scale your vendor risk management, third-party risk management and cyber security risk assessment processes.
Cybersecurity is becoming more important than ever before.