The number of incidents of data breaches has been on the rise. Globally, from Q1 2020 to Q1 2023, 3 billion accounts had been breached, accounting for 18.6% of total number of data breaches since 2004. Furthermore, Q1 2023 experienced a 54.4% increase in data breach cases versus Q4 2022.
It is imperative for every organisation to reduce the risk of data breaches, as this can be a matter of survival for the organisation and its stakeholders. This article explains the common types of data breaches and practical ways to reduce the risk of one happening.
What is a Data Breach?
A data breach is an incident in which unauthorized individuals manage to gain access to confidential information through illegal means. This confidential information can refer to credit card numbers, any sort of personal information and many others.
Data breaches can impact any organization regardless of its size. For example, in 2022, Didi Global was fined 1190 million USD, and in 2021, Amazon was fined 877 million USD. This shows that no matter how much money a company has, it is still at risk of data breaches.
How Data Breaches Happen
There are three common ways data breaches can happen.
Human Error
According to World Economic Forum data of September 2022, human error accounted for over 95% of security incidents. The same report indicated that employees opened 42% of phishing emails received through office computers.
Human error can also take the form of using simple passwords across multiple accounts, not changing passwords often, and not keeping software and applications up to date. All of these can be avoided by conducting security awareness training for employees, so that they are better able to recognise the signs of phishing attacks and other types of cyber threats.
Malware
Malware, or malicious software, is a file or code that can allow hackers to steal confidential information residing on infected devices. While there are many ways malware can be downloaded onto devices, phishing emails accounted for 92% of all malware downloads. Once the malware is on the device, it can steal confidential information, prevent access to files through encryption (ransomware), spy on activity on the device, and delete or corrupt files.
It is therefore critical that organisations put in place strong measures to protect against malware. This includes having a secure email gateway, running endpoint security software, having firewalls and making sure all applications in the system are up to date.
Physical Security Breach
Physical security refers to preventive measures put in place to prevent unauthorised access to and possession of IT assets, from which confidential information could be stolen. Devices include hard drives, servers, thumb drives, cell phones, desktops, laptops, etc. This can be prevented by ensuring all important devices are physically well-secured and can only be accessed by authorised personnel. If possible, CCTVs and alarm systems should be installed as detection and alert mechanisms.
Types of Data Breaches
Ransomware
Ransomware is a type of malware that encrypts files on devices, thereby restricting access. The attackers then demand a ransom from the victims to get the files decrypted. They may even threaten to release the confidential information if the ransom is not paid.
Business Email Compromise (BEC)
These are phishing emails that do not have any links. Attackers use knowledge of the organisation to convince employees to wire money or data. Attackers may impersonate the CEO and convince employees to part with their money or bank account credentials.
Stolen Information
This occurs when attackers steal confidential data from an organisation through physical means, like stealing an organisation’s laptop, or through hacking.
Phishing
Over 91% of cyber attacks begin with a phishing email. This is when an attacker sends an email that appears to be from a trusted source with the goal of convincing victims to click a malicious link or to enter confidential credentials in a “spoofed” domain, or tricking the victim into sending money or confidential data by impersonating a loved one or a superior.
Password Guessing
This can happen when employees leave passwords on sticky notes or when the passwords are easy to guess. A more tedious route is a brute force attack, in which the attacker simply tries username and password combinations until one works.
Distributed Denial of Service (DDoS)
This occurs when hackers flood a server with traffic and cause it to crash. Since the system is down, users are unable to access the resources when needed.
Ways to Prevent Data Breaches
Secure System Configurations
If necessary, block all traffic by default and allow only specific traffic to pass through the firewall. Additionally, ensure that services not in use are disabled.
Employee Training and Education
Continual awareness training of employees throughout their stay with the organisation is key to ensure they are well-equipped to counter the threats of data breach. Humans can be the strongest as well as the weakest link.
Restrict Internet Access
Make sure that endpoints that have access to sensitive data can only access a restricted number of websites, so there will be a lower risk of the data getting compromised.
Install Endpoint Security
Keep all software up-to-date, use anti-virus and anti-malware solutions and ensure these solutions are properly monitored.
Regular Data Backups
Backups should be kept offline and off-site, and restores should be tested to ensure that the backup data can actually be recovered.
User Access Control
Make sure personal data is not publicly accessible through search engines.
Review User Accounts
Remove user accounts that are no longer in use.
Minimise Risk of Brute Force Attacks
Limit the number of login attempts and lock the user account after a set number of failed attempts.
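The lockout rule above, implemented as an added example (this is not code from the article): a small login guard that counts failed attempts per account and refuses logins for a fixed period once the limit is reached. The threshold of 5 attempts, the 15-minute lockout, the `LoginGuard` class and the plaintext credential store in the demo are all assumptions for illustration; a real system would store salted password hashes and would answer unknown usernames with the same generic response as wrong passwords.

```python
import time
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 5     # assumed policy value
LOCKOUT_SECONDS = 15 * 60   # assumed policy value


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: float = 0.0   # Unix time at which the lockout expires


class LoginGuard:
    """Tracks failed logins per account and enforces a temporary lockout.

    `clock` is injectable so the behaviour can be tested without waiting.
    """

    def __init__(self, max_attempts=MAX_FAILED_ATTEMPTS,
                 lockout_seconds=LOCKOUT_SECONDS, clock=time.time):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self.accounts = {}   # username -> AccountState

    def is_locked(self, username):
        state = self.accounts.get(username)
        return state is not None and self.clock() < state.locked_until

    def record_failure(self, username):
        """Count a failed attempt; return True if this one triggered a lockout."""
        state = self.accounts.setdefault(username, AccountState())
        state.failed_attempts += 1
        if state.failed_attempts >= self.max_attempts:
            state.locked_until = self.clock() + self.lockout_seconds
            state.failed_attempts = 0   # counter restarts after the lockout expires
            return True
        return False

    def record_success(self, username):
        # A successful login clears the failure history for that account.
        self.accounts.pop(username, None)

    def attempt_login(self, username, password, check_credentials):
        """Return 'ok', 'failed' or 'locked'.

        The lock is checked before the credentials, so even the correct
        password is refused while the account is locked.
        """
        if self.is_locked(username):
            return "locked"
        if check_credentials(username, password):
            self.record_success(username)
            return "ok"
        return "locked" if self.record_failure(username) else "failed"


def simulate():
    """Constructed scenario: five wrong passwords lock the account, the correct
    password is refused until the lockout expires, then accepted."""
    now = [1_000_000.0]                      # fake clock, advanced by hand
    guard = LoginGuard(max_attempts=5, lockout_seconds=900, clock=lambda: now[0])
    users = {"alice": "correct horse battery staple"}   # constructed store
    check = lambda user, pw: users.get(user) == pw

    results = [guard.attempt_login("alice", "wrong", check) for _ in range(5)]
    results.append(guard.attempt_login("alice", "correct horse battery staple", check))
    now[0] += 901                            # lockout window has passed
    results.append(guard.attempt_login("alice", "correct horse battery staple", check))
    return results


if __name__ == "__main__":
    print(simulate())
```

The same counter can also be keyed by source address to slow down password spraying across many accounts; the per-account lock alone does not stop an attacker who tries one password against every user.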
Strong Password Policy
Ensure employees do not reuse previously used passwords, ensure they have different passwords for accounts across different systems, and make sure they use passphrases that are complex but easy for them to remember, such as “iwant2l@se10kg”.
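An added example (not the article's own code) of how the no-reuse rule can be enforced server-side without ever storing passwords in clear: each account keeps a short history of salted PBKDF2 hashes, and a new password is rejected if it matches any of them. The minimum length of 12, the history depth of 5, the iteration count and the `PasswordPolicy` class are assumptions; the passphrase “iwant2l@se10kg” is the article's own example, the others are constructed for the demo.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000   # assumed; tune upward for production hardware
HISTORY_LENGTH = 5            # assumed policy: last 5 passwords cannot be reused
MIN_LENGTH = 12               # assumed policy


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a fresh random salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def matches(password, salt, digest):
    """Constant-time comparison of a candidate password against a stored hash."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class PasswordPolicy:
    def __init__(self, history_length=HISTORY_LENGTH, min_length=MIN_LENGTH):
        self.history_length = history_length
        self.min_length = min_length
        self.history = {}   # username -> list of (salt, digest), newest last

    def violations(self, username, new_password):
        """Return a list of policy problems; an empty list means accepted."""
        problems = []
        if len(new_password) < self.min_length:
            problems.append("too short")
        if username.lower() in new_password.lower():
            problems.append("contains username")
        # Reuse check: the new password is hashed with each old salt in turn.
        for salt, digest in self.history.get(username, []):
            if matches(new_password, salt, digest):
                problems.append("reused")
                break
        return problems

    def set_password(self, username, new_password):
        """Apply the policy; on success store the new hash and trim the history."""
        problems = self.violations(username, new_password)
        if problems:
            return problems
        hist = self.history.setdefault(username, [])
        hist.append(hash_password(new_password))
        del hist[:-self.history_length]   # keep only the newest N entries
        return []


def demo():
    """Constructed sequence of password changes for one user."""
    policy = PasswordPolicy()
    return [
        policy.set_password("bob", "iwant2l@se10kg"),                 # accepted
        policy.set_password("bob", "short1!"),                        # too short
        policy.set_password("bob", "iwant2l@se10kg"),                 # same as current
        policy.set_password("bob", "bobs-favourite-passphrase"),      # contains username
        policy.set_password("bob", "correct horse battery staple"),   # accepted
        policy.set_password("bob", "iwant2l@se10kg"),                 # still in history
    ]


if __name__ == "__main__":
    print(demo())
```

Because the reuse check has to recompute PBKDF2 once per history entry, keep the history short and do the check only at password-change time, not at login.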
Use MFA or 2FA
This requires an additional step of authentication, through a security token or a mobile phone, so that a password alone is not sufficient to access the account.
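An added example (not from the article) of the second factor most authenticator apps use: time-based one-time passwords per RFC 6238, built on HOTP (RFC 4226) with HMAC-SHA1 and a 30-second step. The `login` function grants access only when both the password and the current code check out, and it records the counter of the code it accepted so the same code cannot be replayed. The user record layout, the `login` helper and the fixed salt are assumptions; the shared secret `12345678901234567890` and the reference time 59 are the published RFC test values, used here as a constructed enrolment.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """HOTP (RFC 4226): dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret, for_time=None, step=30, digits=6):
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time // step), digits)


def verify_totp(secret, submitted, for_time=None, step=30, digits=6, window=1):
    """Return the counter whose code matched, or None.

    Codes from +/- `window` steps are accepted to tolerate clock drift.
    """
    if for_time is None:
        for_time = time.time()
    counter = int(for_time // step)
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta, digits), submitted):
            return counter + delta
    return None


def secret_for_authenticator_app(secret):
    """Base32 form of the secret, which is what authenticator apps are given."""
    return base64.b32encode(secret).decode()


def login(users, username, password, otp, for_time=None):
    """Both factors are evaluated; neither alone grants access."""
    record = users.get(username)
    if record is None:
        return False
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), record["pw_salt"], 100_000)
    pw_ok = hmac.compare_digest(pw_hash, record["pw_hash"])
    matched = verify_totp(record["totp_secret"], otp, for_time)
    # Each accepted counter is burned, so a captured code cannot be replayed.
    otp_ok = matched is not None and matched > record["last_otp_counter"]
    if pw_ok and otp_ok:
        record["last_otp_counter"] = matched
        return True
    return False


def demo():
    """Constructed user record and a sequence of login attempts at RFC time 59."""
    salt = b"constructed-salt"   # constructed; use os.urandom(16) per user in practice
    users = {"alice": {
        "pw_salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse battery staple", salt, 100_000),
        "totp_secret": b"12345678901234567890",   # RFC 6238 test secret
        "last_otp_counter": -1,
    }}
    t = 59
    code = totp(users["alice"]["totp_secret"], t)   # "287082" at this time
    return [
        login(users, "alice", "correct horse battery staple", "", t),       # password only
        login(users, "alice", "wrong password", code, t),                   # code only
        login(users, "alice", "correct horse battery staple", code, t),     # both factors
        login(users, "alice", "correct horse battery staple", code, t + 5), # replayed code
    ]


if __name__ == "__main__":
    print(demo())
```

The drift window and the burned counter pull in opposite directions: a wider window helps users with slow phone clocks but widens the set of codes an attacker could capture, so keep the window at one step and always record the last accepted counter.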
References: https://surfshark.com/research/data-breach-monitoring