Data Breach

A data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner. Victims of data breaches are usually large companies or organizations, and the data stolen may typically be sensitive, proprietary or confidential in nature (such as credit card numbers, customer data, trade secrets or matters of national security). Damage created by such incidents often presents itself as loss to the target company’s reputation with their customer, due to a perceived ‘betrayal of trust’. The damage may also involve the company’s finances as well as that of their customers’ should financial records be part of the information stolen.

Background

Data breaches may be a result of cybercriminal activity (targeted attacks) or by complete accident/human error (misplaced business laptop/smartphone).

A typical data breach occurs in three phases:

1. Research. The cybercriminal, having picked his target, looks for weaknesses that he can exploit: the target’s employees, its systems, or its networks. This entails long hours of research on the cybercriminal’s part, and may involve stalking employees’ social networking profiles to finding what sort of infrastructure the company has.
2. Attack. Having scoped out his target’s weaknesses, the cybercriminal makes initial contact through either a network-based attack or through a social attack.
   1. In a network attack, the cybercriminal uses the weaknesses in the target’s infrastructure to get into its network. These weaknesses may include (but are not limited to) SQL injection, vulnerability exploitation, and/or session hijacking.
   2. In a social attack, the cybercriminal uses social engineering in order to infiltrate the target’s network. This may involve a maliciously-crafted email to one of the employees, tailor-made to catch that specific employee’s attention. The mail could be a phishing mail, where the reader is fooled into supplying personal information to the sender, or one that comes with attached malware set to execute once accessed.

3. Exfiltrate. Once inside the network, the cybercriminal is free to extract the data he needs from the company’s infrastructure and transmit it back to himself. This data may be used for either blackmail or black propaganda. It may also result in the cybercriminal having enough data for a more damaging attack on the infrastructure as well.

Other Causes of Data Breaches

• Disgruntled employees. Employees who mean to do harm to their employers by willingly stealing information from the company.
• Lost or stolen devices. Company devices that may be lost or stolen by employees who bring them home.
• Malware-infected personal or network devices. Company devices that may be infected with information-stealing malware.
• Unintentional sharing. Employees may accidentally share work-critical information, details and files with friends either through negligent file-handling practices or idle conversation.
  

 
Real-World Data Breach Examples

• Adobe – October 2013 saw Adobe announcing that hackers broke into its network and stole source code from an undetermined number of its software titles. The company reported that hackers also accessed customer credit card records as well as login data from a database of 2.9 million customers.
• South Korea – In April 2013, it was reported that the IDs of 140 million South Koreans had been stolen and possibly could have leaked to parties in North Korea. The information was believed to have been stolen through the arrested perpetrators hacking into the websites of department stores, gas stations and online shopping malls, as well as various other proprietary websites.

For Enterprises:

• Patch systems and networks accordingly. IT administrators should take special care in making sure ALL systems in the network are patched, because one unpatched system may spell disaster. This prevents cybercriminals from exploiting vulnerabilities in unpatched/outdated software.
• Educate and enforce. Inform your employees about the threats, train them to watch out for social engineering tactics, and introduce/enforce guidelines on how to handle a threat situation if encountered.
• Implement security measures. Create a process to identify vulnerabilities and address threats in your network. Regularly perform security audits and make sure all of the systems connected to your company network are accounted for.
• Create contingencies.  Put an effective disaster recovery plan in place. In the event of a data breach, minimize confusion by being ready with contact persons, disclosure strategies, actual mitigation steps, and the like. Make sure that your employees are made aware of this plan for proper mobilization once a breach is discovered.

For Consumers/Employees of Enterprises:

• Create contingencies. Put an effective disaster recovery plan in place. In the event of a data breach, minimize confusion by being ready with contact persons, disclosure strategies, actual mitigation steps, and the like. Make sure that your employees are made aware of this plan for proper mobilization once a breach is discovered.
• Keep track of your banking receipts. The first sign of being compromised by a cybercriminal is finding strange charges on your account that you did not make.
• Don’t believe everything you see. Social engineering preys on the gullible. Be skeptical and vigilant.
• Be careful of what you share. Don’t get carried away by social media. If possible, don’t list down too many details of yourself on your profile.
• Secure ALL your devices. Laptops, mobile devices, desktops – ensure that they are protected by security software and always updated.
• Secure your accounts. Use different email addresses and passwords for each account you have. Use a password manager to automate the process.
• Do not open email from unfamiliar senders. If in doubt, delete without opening it. Verify first before opening any attachments.