A data breach is any incident in which someone gains unauthorized access to sensitive or protected information. This includes both information leaking outside of an organization and internal breaches where employees, contractors, or partners copy, view, transmit or steal data that they should not have access to.
Data breaches can affect both individuals and organizations. Breaches of corporate data can be intentional or the result of inadvertent actions by an authorized user of the data.
Data breaches can occur in a variety of ways. One of the major differentiators is whether the threat originated inside or outside the organization.
The popular conception of data breaches and other security incidents is that they are performed intentionally by cybercriminals operating from outside the organization. However, insiders can be just as dangerous to an organization and its data.
Trusted insiders have legitimate access to an organization’s network, systems, and potentially the sensitive data in question. This makes it easier for them to gain access to the protected data and take actions that – intentionally or otherwise – cause it to be exposed to unauthorized users.
For example, a common source of data breaches is misconfigured cloud infrastructure. If an insider copies corporate data to a personal cloud or changes cloud security settings to make it easier to use, this may allow unauthorized parties to access and use the data in question.
Data breaches can also originate from outside the organization, and these are the breaches that typically make the news. Data breaches involving large amounts of sensitive information are of wider interest than an email forwarded to the wrong person.
External data breaches follow attack progressions similar to those of other cyberattacks. These attack chains – as outlined in Lockheed Martin’s Cyber Kill Chain or the MITRE ATT&CK framework – involve a series of steps that move the attacker from initial reconnaissance to accessing and exfiltrating the target data.
Once an attacker has access to sensitive or protected data, they can use it in various ways. Often, data is offered for sale on the dark web, and some types of data can be used to gain access to user accounts or for fraudulent activities.
Data breaches come in many different forms. Some of the more common types of data breaches include the following:
Web Application Attacks: Exploitation of web application vulnerabilities is another common cause of data breaches. SQL injection and cross-site scripting (XSS) are two examples of web application attacks that can leak sensitive data.
Data breaches have become an everyday occurrence, and even the biggest breaches differ significantly in technique. For example, some of the biggest recent data breaches include:
Data breaches are increasingly common, and data protection regulations are growing more stringent and imposing stricter penalties for data leaks. Organizations looking to minimize the probability and cost of a data breach should implement cybersecurity best practices, including:
Check Point’s 2021 Cybersecurity Report outlines the major cyber threats that companies are facing in 2021. To learn more about preventing these threats with Check Point, sign up for a free demo of Harmony, Check Point’s unified security solution for users, devices, and access.