Data breaches are one of the biggest cyber security challenges and threats of the twenty-first century. In a world in which data, as the saying goes, is considered “the new oil” (read: an immensely valuable raw material), few things are more potentially damaging than the proverbial oil well springing a major leak.
Data breaches might cover anything from just a few records to, in the worst cases, tens of millions or even billions of user records. The term is used to refer to any unauthorized possession or access of personally identifiable information (PII).
The effects of such data breaches can be both costly and far-reaching – from financial loss to operational disruptions to damage to reputation to legal repercussions. While the cost of a single data breach is hard to quantify, given the variables, it can routinely cost businesses in excess of thousands of dollars, and in many cases much, much more.
Unfortunately, data breaches are becoming more common. Breaches are on the rise, with the total of such breaches in 2021 far exceeding the total number one year earlier. For those without the right data protection measures, the results can be truly devastating – with some companies never recovering from breaches. And if you’re asking “what is data protection,” then read on.
Question: How do thieves enter a house for a burglary? Answer: There isn’t just one way that this happens. Perhaps they notice an old window that could be forced open and entered from ground level. Maybe you sleep with your second floor windows open, and your adjoining garage’s flat roof makes it easy for a burglar to climb up to them. It might be that you leave a spare set of front door keys under a plant pot, and all it requires is a burglar finding this and letting him or herself into your property.
The same is true for data breaches. There’s no single way that this happens. It may be the result of an orchestrated cyber attack, in which attackers use a method such as malware or ransomware to infect a computer to prompt a breach. For example, in some of the newer ransomware attacks – which previously focused only on encrypting files and charging money for decrypting them – now exfiltrate information. This may then be sold online or otherwise published or made available.
Attackers may also seize upon vulnerabilities in software or systems as a way to coax otherwise secure systems into giving up valuable information. In some cases, this can be done by exploiting zero day vulnerabilities that developers are unaware of, and have therefore not had time or warning to rectify. In others, attackers will target vulnerabilities or flaws that have been fixed, but with the awareness that a certain (possibly significant) percentage of users may not yet have downloaded and installed the appropriate fixes or updates.
In still other cases, breaches may result from lost or stolen physical devices – or other human error. For example, a laptop that contains sensitive information or allows access to such information could be extremely compromising if it was breached. Similarly, an email that contains sensitive information as an attachment could result in a similar scenario.
However, the most common form of data breach results from so-called phishing attacks. Most users are familiar with these attempted attacks – for instance, the email purporting to be from your bank or an online retailer, requesting that you enter confidential credentials to access a particular message or confirm that your details are up to date. They may alternatively ask you to click a link to download a particular, seemingly legitimate file which turns out to be a piece of the kind of malware mentioned earlier. Phishing attacks can vary from laughably ham-fisted (for example, a poorly written message littered with spelling mistakes and bad grammar) or incredibly convincing. Even the world’s greatest cyber security experts could be fooled by a phishing attack if enough care was put into making it appear accurate.
It’s crucial that organizations protect themselves against the risk of data breaches. Some of this is about education: Teaching employees to be wary of questionable emails is a valuable lesson for all involved. But technology clearly has a part to play as well – whether it’s the use of multi-factor authentication to protect accounts or the use of strong encryption for customer records (so that, even in the event that they were breached, they would not be readable to attackers.)
But tech tools go far beyond this. Solutions like database firewalls, data masking, user behavior analytics, database activity monitoring and more can help monitor for suspicious behavior or data access and take the appropriate steps to block potential attacks, while notifying the right people. Some of the most cutting edge tools available in this area use technologies like AI and machine learning to add intelligence into threat-finding – taking some of the onus away from already overworked and overloaded IT departments. An essential part of preventing data breaches comes down to using the correct monitoring tools for analysing the actions of bad actors. The Elastic Stack provides a solution for monitoring event logs, actions and traces. To get started you may wish to browse this Elastic pricing calculator next.
Choose the right solutions and you’ll be able to better detect and prevent activities that lead to data breaches. Doing so is some of the best money you’ll ever spend.
