A data breach involves the release of sensitive information. Many types of online attacks have a primary goal of causing a data breach to release information such as login credentials and personal financial data.
A data breach is the release of confidential, private, or otherwise sensitive information into an unsecured environment. A data breach can occur accidentally, or as the result of a deliberate attack.
Millions of people are affected by data breaches every year, and they can range in scope from a doctor accidentally looking at the wrong patient’s chart, to a large-scale attempt to access government computers to uncover sensitive information.
Data breaches are a major security concern because sensitive data is constantly being transmitted over the Internet. This continuous transfer of information makes it possible for attackers in any location to attempt data breaches on almost any person or business they choose.
Data is also stored in digital form by businesses all over the world. The servers that store the data are often vulnerable to various forms of cyber attack.
Major corporations are prime targets for attackers attempting to cause data breaches because they offer such a large payload. This payload can include millions of users' personal and financial information, such as login credentials and credit card numbers. This data can all be resold on underground markets.
However, attackers target anyone and everyone they can extract data from. All personal or confidential data is valuable to cyber criminals — usually, someone in the world is willing to pay for it.
The Equifax data breach in 2017 is one major example of a large-scale data breach. Equifax is an American credit bureau. Between May and June 2017, malicious parties accessed private records within Equifax's servers of nearly 150 million Americans, about 15 million British citizens, and about 19,000 Canadian citizens. The attack was made possible because Equifax had not applied a patch to a software vulnerability in their system.
Smaller-scale data breaches can have a big effect as well. In 2020, attackers hijacked the Twitter accounts of numerous famous and influential people. The attack was possible because of an initial social engineering attack that enabled the attackers to gain access to Twitter's internal administrative tools. Starting from this initial breach, attackers were able to take over the accounts of multiple people and promote a scam that collected approximately $117,000 in Bitcoin.
One of the most notorious data breaches of recent decades was the cyber-attack launched against major retailer Target in 2013. The combination of strategies used to pull this attack off were fairly sophisticated. The attack involved a social engineering attack, the hijacking of a third-party vendor, and a large-scale attack on physical point-of-sale devices.
The attack was initiated with a phishing scam that went after employees of an air-conditioning company that provided AC units to Target stores. These air conditioners were linked to computers on Target's network to monitor energy usage, and the attackers compromised the air-conditioning company’s software to gain access to the Target system. Eventually the attackers were able to reprogram credit card scanners in Target stores to provide attackers with customer credit card data. These scanners were not connected to the Internet, but were programmed to periodically dump saved credit card data into an access point monitored by the attackers. The attack was successful and led to an estimated 110 million Target customers having their data compromised.
Since data breaches come in so many forms, there is no single solution to stop data breaches and a holistic approach is required. Some of the main steps businesses can take include:
Access control: Employers can help combat data breaches by ensuring that their employees only have the minimum amount of access and permissions necessary to do their jobs.
Encryption: Businesses should encrypt their websites and the data they receive using SSL/TLS encryption. Businesses should also encrypt data at rest, when it is stored in their servers or on employees' devices.
Web security solutions: A web application firewall (WAF) can protect a business from several types of application attacks and vulnerability exploits that aim to create data breaches. In fact, it is speculated that a properly configured WAF would have prevented the major data breach attack on Equifax in 2017.
Network security: In addition to their web properties, businesses must protect their internal networks from compromise. Firewalls, DDoS protection, and secure web gateways can all help keep networks secure.
Keeping software and hardware up-to-date: Old versions of software are dangerous. Software almost always contains vulnerabilities that, when exploited properly, allow attackers to access sensitive data. Software vendors regularly release security patches or entirely new versions of their software to patch vulnerabilities. If these patches and updates are not installed, attackers will be able to compromise those systems — as took place in the Equifax breach. Past a certain point, vendors will no longer support a software product — leaving that software completely open to whatever new vulnerabilities are discovered.
Preparation: Companies should prepare a response plan to be executed in the case of a data breach, with a goal of minimizing or containing the leak of information. For instance, companies should keep backup copies of important databases.
Training: Social engineering is one of the most prevalent causes for data breaches. Train employees to recognize and respond to social engineering attacks.
Here are some tips for protecting your data, although these actions on their own do not guarantee data security:
Use unique passwords for each service: Many users reuse passwords across multiple online services. The result is that when one of these services has a data breach, attackers can use those credentials to compromise users' other accounts as well.
Use two-factor authentication: Two-factor authentication (2FA) is the use of more than one verification method to confirm a user's identity before they are allowed to log in. One of the most common forms of 2FA is when a user enters a unique one-time code texted to their phone in addition to their password. Users who implement 2FA are less vulnerable to data breaches that reveal login credentials, because their password is not enough on its own to allow an attacker to steal their accounts.
Only submit personal information on HTTPS websites: A website that does not use SSL encryption will only have "http://" in its URL, not "https://". Websites without encryption leave any data entered on that website exposed, from usernames and passwords to search queries and credit card numbers.
Keep software and hardware up-to-date: This suggestion applies to users as well as businesses.
Encrypt hard drives: If a user's device is stolen, encryption prevents the attacker from viewing the files stored locally on that device. However, this does not stop attackers who have gained remote access to the device through a malware infection or some other method.
Only install applications and open files from reputable sources: Users accidentally download and install malware every day. Make sure any files or applications you open, download, or install are really from a legitimate source. In addition, users should avoid opening unexpected email attachments — attackers often disguise malware within seemingly harmless files attached to emails.
After reading this article you will be able to:
What is Web Application Security?
Why Use HTTPS?
Brute Force Attack
OWASP Top Ten