Anatomy of a Data Breach

A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information, personally identifiable information, trade secrets or intellectual property. It is a very lucrative type of hack because criminals can get information on hundreds, thousands, or even millions of people with a single hack (or careless behavior from one employee).

Hackers have stolen the personal information of 110 million Americans, roughly half of the nation’s adults, in the last 12 months alone. That massive number, tallied for CNNMoney by Ponemon Institute researchers, is made even more mind-boggling by the number of hacked accounts: up to 432 million. The exact number of exposed accounts is hard to pin down, because some companies — such as AOL and eBay — aren’t fully transparent about the details of their cyber breaches. But that’s the best estimate available with the data tracked by the Identity Theft Resource Center and CNNMoney’s own review of corporate disclosures. Everyone must realize this damage is real. Each record typically includes personal information, such as your name, debit or credit card, email, phone number, birthday, password, security questions and physical address.

Why does this keep happening? Basically because we have two things going on at once.

First: We’re increasingly moving our lives online. When you do shop at stores, they rely on the Internet to conduct and process all transactions other than cash. As a result, your data is everywhere: on your phone, laptop, work PC, website servers and countless retailers’ computer networks.

Second: Hackers are getting more sophisticated. Offensive hacking weapons are numerous and cheap. Many hackers have learned to quietly roam inside corporate networks for years before setting off any alarms. And many more are probably in government and business systems right now, waiting for the right time to extract data.

How does a data breach take place?
Before an attack can take place, the attacker must first identify a target. Once the cybercriminal has selected a target with the motive of either causing annoyance, harm, or damage or of extracting profit from the breach, he proceeds as follows:

Research: The cybercriminal looks for a weakness in the target’s people, systems, or networks. This may include conducting research on the company’s employees and infrastructure.

Attack: The cybercriminal makes initial contact with the target through either a network attack or a social attack. In a network attack, the attacker uses infrastructure, system, and application weaknesses as well as techniques like SQL injection, vulnerability exploitation, session hijacking, and the like in order to penetrate the targeted organization’s network. A social attack, on the other hand, uses tactics that have an element of social engineering. Typical social attacks begin with a phishing email message, spam that carries malware, or even obtaining physical access to the company’s premises by dressing up as office housekeeping staff, among others.

Theft: The cybercriminal extracts data and transmits it back to himself. This data can be proprietary or sensitive in nature or can comprise credentials that he may need for another attack or to get higher privileges inside his target’s network. The cybercriminal may have to stage more than one attack to get enough information and to gain a foothold in targeted systems in order to keep transmitting data.

Companies should always be aware of human error and social engineering
Business owners and decision makers don’t need to worry about the integrity of their systems as much as they should worry about the human factor in cybersecurity. People are much harder to perfect than machines, and as such, it is generally a good idea to have a clear set of guidelines on how employees should handle technology and cybersecurity measures. Scammers will often have an advantage over employees and human error can lead to a data breach in the following ways:

• Poor passwords and inadequate verification measures allow for hackers to either easily guess login information or use the same login information for multiple accounts should it get out. This quickly and easily leads to a data breach through cloud services or email access.

• Phishing scams are still used because they’re still effective. Businesses should take time to train employees on how to recognize common phishing scams. Note that a hacked co-worker’s account could be asking for sensitive information and the victim might not even realize it.

• Employees will often not follow proper procedures in terms of access or data management. Measures and guidelines are there for a reason, and lax treatment of those guidelines often leads to a mistake in which a scammer or hacker can slip in and out with your business’ data.

Remote Vulnerabilities or Service Failure
A business will often go to great lengths to protect the office and office equipment yet forget that employees and tools are not always at the office. Some things are out of the direct hands of your business, and that means taking extra precautions in the event that outside services fail. Technical and online services need to be picked out carefully. A hacker won’t try to take down Dropbox just to get to your business’ files, but you can be sure that they will be happy to take your data along with the rest of their spoils.

Remote and traveling employees will also need to watch out for data interception on public networks. Hackers will often have a setup using a “sniffer” program that allows them to catch everything being transmitted over the network. This can include account information and private business correspondence, which quickly leads to a data breach. To counter this, most businesses will equip remote employees with a trusted Virtual Private Network in order to encrypt information on whatever network they’re using.

Whatever the needs of your business are, make sure that you are using trusted services and that everyone relevant knows how to use them safely and securely. Don’t be afraid to invest, and don’t be afraid to spend time researching what the best options are.

Employee Corruption or Misuse of Technology
Fortunately, most companies don’t have to worry about the problem of malevolent employees as much as they do incompetent employees. That being said, an overabundance of access can easily lead to a data breach. You don’t want to go on a hunt inside company walls whenever there is a security problem. Corporate espionage is real, but it requires a balanced reaction so as to not create an environment of mistrust in the office. A data leak can happen with just a flash drive and a motive, so make sure that your business only employs trustworthy people.

Another situation that can result in a data breach is misuse of programs or technology. This can simply be taking home files that should be kept safely in the office, or it could be trying to hack software that shouldn’t be touched within the workplace. Employees rarely know everything they are doing when it comes to cybersecurity, so businesses need to take decisive action whenever sensitive data is put at risk by employee negligence or greed.