DATA BREACH

A data breach is an incident wherein information is stolen or taken from a system without the knowledge or authorization of the system’s owner. A small company or a large organization may suffer a data breach. Stolen data may involve sensitive, proprietary, or confidential information, such as credit card numbers, customer data, trade secrets or matters of national security.

Damage from such incidents often takes the form of harm to the target company’s reputation due to a perceived ‘betrayal of trust’. It may also involve financial losses for the company and for its customers, should financial records be part of the information stolen.

Based on data breach incidents recorded between January 2005 and April 2015, personally identifiable information (PII) was the most frequently stolen record type, while financial data came in second.

Breach methods observed across industries

Most of the time, data breaches are attributed to hacking or malware attacks. While these attacks play a big role, they only account for a quarter of all of the reported incidents.

Other frequently observed breach methods include the following:

  • Insider leak: A trusted individual or person of authority with access privileges steals data.
  • Payment card fraud: Payment card data is stolen using physical skimming devices.
  • Loss or theft: Portable drives, laptops, office computers, files, and other physical properties are lost or stolen.
  • Unintended disclosure: Through mistakes or negligence, sensitive data is exposed.
  • Unknown: In a small number of cases, the actual breach method is unknown or undisclosed.

Phases of a data breach

  • Research: The attacker, having picked his target, looks for weaknesses to exploit: the target’s employees, its systems, or its networks. This entails long hours of research on the attacker’s part, and may involve stalking employees’ social networking profiles to find what sort of infrastructure the company has.
  • Attack: Having scoped out a target’s weaknesses, the attacker makes initial contact either through a network-based attack or a social attack.
      • In a network attack, the attacker uses the weaknesses in the target’s infrastructure to get into its network. These weaknesses may include, but are not limited to, SQL injection, vulnerability exploitation, and/or session hijacking.
      • In a social attack, the attacker uses social engineering to infiltrate the target’s network. This may involve a maliciously crafted email sent to an employee, tailor-made to catch that specific employee’s attention. The mail could be a phishing mail, where the reader is fooled into supplying personal information to the sender, or one that comes with attached malware set to execute once accessed.
  • Exfiltrate: Once inside the network, the attacker is free to extract the data he needs from the company’s infrastructure. This data may be used for either blackmail or black propaganda. The information attackers collect can also be used to execute more damaging attacks on the infrastructure.

Record Data Breaches

| Year | Organization | Industry | Records stolen |
|------|--------------|----------|----------------|
| 2016 | Myspace | web | 164,000,000 |
| 2016 | VK | web | 100,544,934 |
| 2016 | Turkish citizenship database | government | 49,611,709 |
| 2016 | Tumblr | web | 65,000,000 |
| 2016 | LinkedIn | web | 117,000,000 |
| 2015 | Voter Database | web | 191,000,000 |
| 2015 | Anthem | healthcare | 80,000,000 |
| 2015 | Securus Technologies | web | 70,000,000 |
| 2015 | AshleyMadison.com | web | 37,000,000 |
| 2014 | eBay | web | 145,000,000 |
| 2014 | JP Morgan Chase | financial | 76,000,000 |
| 2014 | Home Depot | retail | 56,000,000 |
| 2013 | Target | retail | 70,000,000 |
| 2013 | Ubisoft | gaming | 58,000,000 |
| 2013 | Evernote | web | 50,000,000 |
| 2013 | Living Social | web | 50,000,000 |
| 2013 | Adobe | tech | 36,000,000 |
| 2013 | Court Ventures | financial | 200,000,000 |
| 2013 | Massive American business hack | financial | 160,000,000 |

Top 20 Organizations based on Records Stolen


Data breach laws

Data breach legislation differs in every country or region. Many countries still do not require organizations to notify authorities in cases of a data breach. In countries like the United States, Canada, and France, organizations are obliged to notify affected individuals of a data breach under certain conditions.

Read more: Global Guide to Data Breach Notifications 2016

Best practices

  • For enterprises
      • Patch systems and networks accordingly. IT administrators should make sure all systems in the network are patched and updated to prevent cybercriminals from exploiting vulnerabilities in unpatched/outdated software.
      • Educate and enforce. Inform your employees about the threats, train them to watch out for social engineering tactics, and introduce and/or enforce guidelines on how to handle a threat situation if encountered.
      • Implement security measures. Create a process to identify vulnerabilities and address threats in your network. Regularly perform security audits and make sure all of the systems connected to your company network are accounted for.
      • Create contingencies. Put an effective disaster recovery plan in place. In the event of a data breach, minimize confusion by being ready with contact persons, disclosure strategies, actual mitigation steps, and the like. Make sure that your employees are made aware of this plan for proper mobilization once a breach is discovered.
  • For employees
      • Keep track of your banking receipts. The first sign of being compromised by a cybercriminal is finding strange charges on your account that you did not make.
      • Don’t believe everything you see. Social engineering preys on the gullible. Be skeptical and vigilant.
      • Be careful of what you share on social media. Don’t get carried away by social media. If possible, don’t list down too many details of yourself on your profile.
      • Secure all your devices such as laptops, mobile devices, desktops. Ensure that they are protected by security software that is always updated.
      • Secure your accounts. Use different email addresses and passwords for each account you have. You may opt to use a password manager to automate the process.
      • Do not open emails from unfamiliar senders. If in doubt, delete them without opening them. Always try to verify who the sender is and the contents of the email first before opening any attachments.



Links:
https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/follow-the-data
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/