What is a data breach?

A data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner. Victims of data breaches are usually large companies or organizations, and the data stolen may typically be sensitive, proprietary or confidential in nature (such as credit card numbers, customer data, trade secrets or matters of national security). Damage created by such incidents often presents itself as loss to the target company’s reputation with their customer, due to a perceived ‘betrayal of trust’. The damage may also involve the company’s finances as well as that of their customers’ should financial records be part of the information stolen.

A typical data breach occurs in these phases:

• The cybercriminal, having picked his target, looks for weaknesses that he can exploit: the target’s employees, its systems, or its networks. This entails long hours of research on the cybercriminal’s part, and may involve stalking employees’ social networking profiles to finding what sort of infrastructure the company has.
• Having scoped out his target’s weaknesses, the cybercriminal makes initial contact through either a network-based attack or through a social attack.

In a network attack, the cybercriminal uses the weaknesses in the target’s infrastructure to get into its network. Once inside the network, the cybercriminal is free to extract the data he needs from the company’s infrastructure and transmit it back to himself. This data may be used for either blackmail or black propaganda. It may also result in the cybercriminal having enough data for a more damaging attack on the infrastructure as well.

Below, is an infographic chart on affected industries and how it affects them;

Ways to prevent a Cyber Attack

For Enterprises:

• Patch systems and networks accordingly.IT administrators should take special care in making sure ALL systems in the network are patched, because one unpatched system may spell disaster. This prevents cybercriminals from exploiting vulnerabilities in unpatched/outdated software.
• Educate and enforce.Inform your employees about the threats, train them to watch out for social engineering tactics, and introduce/enforce guidelines on how to handle a threat situation if encountered.
• Implement security measures.Create a process to identify vulnerabilities and address threats in your network. Regularly perform security audits and make sure all of the systems connected to your company network are accounted for.
• Create contingencies. Put an effective disaster recovery plan in place. In the event of a data breach, minimize confusion by being ready with contact persons, disclosure strategies, actual mitigation steps, and the like. Make sure that your employees are made aware of this plan for proper mobilization once a breach is discovered.

For Consumers/Employees of Enterprises:

• Create contingencies. Put an effective disaster recovery plan in place. In the event of a data breach, minimize confusion by being ready with contact persons, disclosure strategies, actual mitigation steps, and the like. Make sure that your employees are made aware of this plan for proper mobilization once a breach is discovered.
• Keep track of your banking receipts. The first sign of being compromised by a cybercriminal is finding strange charges on your account that you did not make.
• Don’t believe everything you see. Social engineeringpreys on the gullible. Be skeptical and vigilant.
• Be careful of what you share. Don’t get carried away by social media. If possible, don’t list down too many details of yourself on your profile.
• Secure ALL your devices.Laptops, mobile devices, desktops – ensure that they are protected by security software and always updated.
• Secure your accounts.Use different email addresses and passwords for each account you have. Use a password manager to automate the process.
• Do not open email from unfamiliar senders.If in doubt, delete without opening it. Verify first before opening any attachments.

Cite: https://www.trendmicro.com/vinfo/us/security/definition/data-breach