Content

DeMISTIfying Infosec: Data Breach

By Katherine Teitler

Data Breach

A data breach is an information security incident in which sensitive, proprietary, or confidential data is accessed, viewed, stolen, or in any way used by unauthorized parties or systems. The term generally refers to the breach of Internet- or network-connected data. A data breach can occur through an exploit of a weakness in a system (e.g., SQL injection) or person (e.g., social engineering).

While most data breaches are thought to be perpetrated by cybercriminals or hackers specifically targeting an organization to steal its data for financial gain, many data breaches occur because of insider access. In the case of insiders or employees, the employee may have legitimate access to the data, which is required to perform job functions. When the employee has approved permissions to access and interact with the data, a breach might occur when the employee uses the data in an unauthorized way (e.g., posts it to a forum, copies it to a non-secure/unapproved file location, sells it to a third party, etc.), or it could occur because of negligence/by accident (e.g., employee's laptop is stolen).

Early bird deadline for InfoSec World 2016 Conference & Expo end 1/22/16. Click here to register today.

An insider could also gain access to a file or system that should be inaccessible to him/her due to a change of role within the company (e.g., access is no longer required due to departmental needs) or when appropriate controls are not in place (e.g., system admin does not specify principles of least privilege).

In the case of hackers, cybercriminals, or nation-states, these adversaries target specific data such as personally identifiable information (PII), public health information (PHI), or intellectual property (IP), use tools, tactics, and procedures (TTP) to find and access the data, then use the data for nefarious purposes. The goal may financial gain, to publicly embarrass a company, or to obtain trade secrets. While most data breaches—no matter how big or financially destructive—have not proven to inflict long-term effects on stock price or business performance, Nortel Networks was forced into bankruptcy after hackers lurked in their networks for 10+ years, stealing their IP.

 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.