A data breach occurs when sensitive, confidential, or otherwise protected data is accessed and/or disclosed without authorization. Personal information, such as credit card numbers, Social Security numbers, driver’s licence numbers, and healthcare records, as well as company information, customer lists, and source code, are all common data breach targets. A data breach occurs when someone who is not authorised to do so sees or steals personal data from the entity responsible for securing it.
Causes of a data breach
While data breaches can take many forms, they are almost always the result of a weakness or flaw exploited by hackers to obtain access to an organization’s systems or processes. A data breach could be caused by a variety of factors, including:
- weak login credentials
- social engineering scams
- malware or ransomware
- phishing
- lost or stolen hardware (laptops, hard drives, mobile devices)
- lack of access controls
- back doors
- insider threats
- user errors
Regulations on data breaches
To avoid data breaches, a number of business guidelines and government compliance rules require stringent controls over sensitive information and personal data. There are no particular laws that govern intellectual property protection. However, a breach of that type of data might result in serious legal disputes as well as regulatory compliance concerns.
The Payment Card Industry Data Security Standard (PCI DSS) governs who can receive and use personally identifiable information (PII) in financial institutions and other businesses that handle financial data. Financial information such as bank account numbers and credit card numbers, as well as contact information such as names, addresses, and phone numbers, are examples of PII.
What can be done to avoid data breaches?
There is no single security technology or control that will completely eliminate data breaches. Commonsense security policies are the most reasonable means of preventing data leaks. These include well-known security fundamentals like:
- conducting ongoing vulnerability assessments
- penetration testing
- implementing proven malware protection
- using strong passwords/passphrases
- consistently applying the necessary software patches on all systems
While these measures will help to prevent intrusions into an environment, experts recommend encrypting sensitive data, whether on-premises or in the cloud. Encryption will prevent threat actors from accessing the actual data in the event of a successful breach into the environment.
Well-written security rules for employees, as well as continuing security awareness training to promote those policies and educate staff, are further strategies for preventing breaches and minimising their impact.
Such rules may apply concepts such as the principle of least privilege (POLP), under which employees are given the bare minimum of permissions and administrative rights needed to accomplish their jobs.
In addition, firms should have an incident response plan in place in the event of a security breach or intrusion. A rigorous method for identifying, containing, and quantifying a security event is usually included in this plan.
A list of notable data breaches
According to the 2020 Verizon Data Breach Investigations Report, the banking industry has the most verified data breaches, followed by information services and the public sector. In recent years, there have been numerous massive data breaches at both large corporations and government institutions.
Target:
Target Corporation revealed in 2013 that it had experienced a large data breach that exposed customer names and credit card information. Individuals, state governments, and credit card companies have all filed lawsuits as a result of the Target data breach, which affected 110 million customers. Legal settlements totaled tens of millions of dollars for the company.
Sony Pictures:
When threat actors launched malware that disabled workstations and servers in late 2014, Sony Pictures Entertainment’s corporate network was shut down. The data theft was blamed on a hacking group known as Guardians of Peace, which exposed unreleased films taken from Sony’s network as well as private communications from corporate leaders.
