
What to Do When You Have a Data Breach

December 8, 2020

Monitor your logs with SIEM systems to prevent a data breach

Monitor all events across your IT environment

Use SIEM systems to aggregate logs, identify threat patterns, and conduct forensic analysis in your IT infrastructure.

In this digital age, the Internet is flooded with information.

All of your personal and professional data sits behind your digital doorway, and it is crucial to safeguard it from people who would use it for their benefit at your expense.

A data breach hands that information to malicious actors and can cause significant damage to you and your business, especially when you store your clients' information in your database.

What is a data breach?

A data breach is an unanticipated event in which your data and information assets are exposed to unauthorized third parties, who may exploit that data for their own advantage, typically causing you a loss of reputation or capital.

Data breaches can be intentional: attackers break through your information security controls by exploiting vulnerabilities. You reduce this risk by closing the gaps in your security posture. Regular vulnerability scans, penetration testing, and monitoring logs in a SIEM system to identify threat patterns help you find and close those gaps.
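As an added example (not part of the original article), here is the kind of pattern a SIEM correlation rule encodes, written as a small Python script: it parses sshd authentication lines and alerts when one source address fails repeatedly and then succeeds, the classic trace of a guessed or stuffed password. The log lines are constructed for the example, and the threshold and time window are arbitrary tuning values.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd log lines (not from any real system): one source address
# guesses several accounts and finally gets in; another user just mistypes once.
SAMPLE_LOG = """\
Mar  3 09:14:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar  3 09:14:03 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Mar  3 09:14:05 web1 sshd[2202]: Failed password for root from 203.0.113.5 port 51024 ssh2
Mar  3 09:14:07 web1 sshd[2203]: Failed password for alice from 203.0.113.5 port 51025 ssh2
Mar  3 09:14:09 web1 sshd[2204]: Failed password for alice from 203.0.113.5 port 51026 ssh2
Mar  3 09:14:12 web1 sshd[2205]: Accepted password for alice from 203.0.113.5 port 51027 ssh2
Mar  3 09:20:44 web1 sshd[2310]: Accepted publickey for bob from 198.51.100.7 port 40001 ssh2
Mar  3 11:02:10 web1 sshd[2400]: Failed password for bob from 198.51.100.7 port 40002 ssh2
Mar  3 11:02:30 web1 sshd[2401]: Accepted password for bob from 198.51.100.7 port 40003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def parse_auth_log(text, year=2020):
    """Turn raw sshd lines into (timestamp, result, user, ip) tuples.
    Syslog omits the year, so the caller supplies it."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real pipeline would count unparsed lines as a health metric
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events

def detect_bruteforce_then_success(events, threshold=4, window_s=300):
    """Alert when one source IP accumulates `threshold` or more failed logins
    within `window_s` seconds and then succeeds. A lone typo followed by the
    correct password does not trip the rule."""
    recent_failures = defaultdict(list)  # ip -> failure timestamps inside the window
    alerts = []
    for ts, result, user, ip in sorted(events):
        window = [t for t in recent_failures[ip] if (ts - t).total_seconds() <= window_s]
        if result == "Failed":
            window.append(ts)
        elif len(window) >= threshold:
            alerts.append({"ip": ip, "user": user, "failures": len(window), "at": ts.isoformat()})
            window = []  # reset so one successful login produces one alert
        recent_failures[ip] = window
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce_then_success(parse_auth_log(SAMPLE_LOG)):
        print("ALERT possible account compromise:", alert)
```

Run against the sample, the rule fires once, for alice from 203.0.113.5 after five failures, and stays quiet for bob's single mistake. The same shape (group by source, count within a window, look for the state change) carries over to web login logs, VPN logs, and cloud audit trails.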

But sometimes a data breach occurs accidentally, when an insider unintentionally leaves your information assets out in the open. There are various other causes of a data breach; let's look at them in detail.

How does a data breach happen?

Several factors, alone or in combination, cause data breaches. They are as follows:

Password mismanagement

Some people think, "What's the point of creating a password I can't remember, when a simple 12345 gets me in?" If you share that line of thinking, you're partially right: it's easy for you to gain access, but just as easy for attackers who are on the lookout for ways into your personal data.

Weak or stolen passwords are probably the most common cause of data breaches. A password needs originality and complexity rather than a common phrase, because a cracking program tries the most common passwords first and recovers such phrases in seconds. Remember, password authentication is there for a reason, not as one extra step where you type your name, 12345, or your birthdate to finish the job. That is why multi-factor authentication (MFA) is gaining popularity: it adds a protective layer around your assets that holds even when the password itself is weak or has been stolen.

There are also cases where passwords or files are physically mishandled. Writing passwords on a sticky note at your desk or keeping a plain text file that lists your login credentials are examples of poor password management. Exposure of your login credentials puts you and your company at risk of a data breach.

Presence of vulnerabilities

Managing vulnerabilities in your IT infrastructure is crucial to protecting your assets from cyber attacks. Even a minor security gap in an important system can have a catastrophic impact if it is exploited the right way, so close these gaps well before they pose a risk.

Tip: Wondering how you would scan vulnerabilities in your IT assets? Check out the top vulnerability scanners on the market.

Occurrence of malware

Malware is malicious software that is deployed on a system or in an application, often by exploiting a known vulnerability or by tricking a user into running it. It could be a program that tracks a user's activity, or ransomware that locks you out of your own systems and demands payment before you can access the data again.

Malware is a common factor in data breaches, and its variants are many. It is difficult to detect because attackers make small modifications to the program so that signature-based antivirus software no longer recognizes it. They deliver malware into your system or application through phishing or with exploit kits.

Insider accidents and threats

You can have an insider who accidentally exposes data and reports it to the relevant people, or a malicious insider who intentionally reveals data and information without authorization, typically for personal gain.

Insiders who intentionally pose a threat may be disgruntled employees or people who left the company on poor terms. They may leak sensitive information that benefits others or themselves, to the detriment of you and your company's reputation. Sometimes the motive is simple greed: the person wants to sell the data on the dark web.

Tip: Data loss prevention (DLP) software can help you prevent willful or accidental data breaches caused by insider threats.

Mishandling data-carrying hardware

Another common cause of a data breach is mishandled hardware such as CDs, laptops, hard drives, and even printed materials. A thief's goal in this case is to take the device and then read the data stored on it.

Thefts like these are mostly opportunistic and therefore hard to predict. Handle your data-carrying devices with care and use full-disk encryption so that, even if they fall into the wrong hands, the data on them stays unreadable.

How do you handle a data breach?

According to the Federal Trade Commission (FTC), you should have a response strategy ready before a data breach happens. Although the right strategy differs by industry and organization, the FTC has published guidelines for handling a data breach.

Secure your assets 

The first step in your response is to secure the assets that are at risk. This protects you from further breaches, which can be disastrous financially and damage your reputation.

The steps to secure your assets are:

  1. Engage a team of forensic experts to conduct a thorough analysis of the incident.
  2. Involve other teams, such as legal and information security, depending on your organization's structure.
  3. Change access credentials immediately if compromised credentials caused or enabled the breach; your assets remain at risk until you do.
  4. Take affected systems offline to stop further data loss, but don't turn them off until the forensic experts have examined them, because powering down destroys volatile evidence.
  5. Monitor the attack surface closely and, if possible, replace affected machines with clean ones.
  6. If you accidentally exposed data on a website or social media, remove it.
  7. Search for the compromised data online and ask any websites that have stored it to remove it.
  8. Interview the people who discovered the breach and anyone else who may have information about it.
  9. Preserve evidence while you secure your assets and throughout remediation.

Remediate vulnerabilities

Once you have secured your assets, the next step is to fix the vulnerabilities that exposed them. A vulnerability assessment, a review of SIEM logs, and penetration testing give you a thorough check of your security posture.

Also check whether network segmentation contained the breach, evaluate its effectiveness, and adjust it where necessary. While doing so, prepare a communication plan that conveys information about the breach to affected parties, in accordance with local law and your contractual obligations. Anticipate the questions people will have and answer them clearly and concisely.

Notify affected parties and legal authorities

In the third step, notify the legal authorities and, where required, the affected parties. Check the federal and state laws that apply to your business. Whether and when to inform law enforcement depends on the kind of information compromised and the regulations that govern it.

Disclaimer: These guidelines are based on recommendations by the FTC and do not constitute legal advice. If you have legal questions, consult a licensed attorney.

If a cybercriminal steals information such as clients' bank account numbers or credit card details, inform the institutions that maintain those accounts so they can watch for misuse.

Consider the following attributes in deciding who to notify and how:

  • Laws of the state.
  • Nature of the data breach.
  • Type of information stolen.
  • The potential damage from identity theft or misuse of the information.

The FTC provides detailed recommendations on notifying individuals about a data breach, including a model letter showing how the information should be conveyed.

How to prevent your business from data breaches

You prevent data breaches by building and maintaining the right security controls in your organization. That also saves your business from the hefty fines regulators impose for compromising customers' sensitive data.

$3.92 million was the global average cost of a data breach in 2019.

Source: Ponemon Institute

To build and maintain a robust security posture in your organization, take the following measures.

Implement role-based access control

Add an extra layer of protection over your applications with role-based access control (RBAC), so that each user can reach only the data their role requires. User provisioning tools let you track users' access rights and create, review, and revoke privileges with ease.

Attackers see employees as their primary way into an organization's infrastructure. Limiting each employee's access rights contains what a compromised or careless account can reach and prevents accidental or intentional exposure to outsiders.
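The following Python sketch is an added example, not code from the original article or from any provisioning product; the role catalogue, accounts and approval list are invented. It shows the two things such a tool does: a deny-by-default authorization check, and a periodic access review that flags departed users who still hold roles, privileged roles nobody approved, and roles that no longer exist in the catalogue.

```python
from dataclasses import dataclass

# Hypothetical role catalogue for this example. Deny by default: a permission
# that no role in the catalogue grants is refused for everyone.
ROLE_PERMISSIONS = {
    "support": {"ticket:read", "ticket:write", "customer:read"},
    "billing": {"invoice:read", "invoice:write", "customer:read"},
    "dba":     {"db:read", "db:write", "db:backup"},
    "admin":   {"user:provision", "user:deprovision", "role:assign"},
}
PRIVILEGED_ROLES = {"dba", "admin"}

@dataclass
class Account:
    username: str
    roles: frozenset
    active: bool = True  # set False when HR records the person as departed

def is_allowed(account, permission):
    """Authorization decision: the account must be active and hold at least
    one role whose catalogue entry lists the permission."""
    if not account.active:
        return False
    return any(permission in ROLE_PERMISSIONS.get(role, ()) for role in account.roles)

def access_review(accounts, approved_privileged):
    """The periodic check a provisioning tool runs. Returns (username, finding)
    pairs for anything a reviewer should act on."""
    findings = []
    known_roles = set(ROLE_PERMISSIONS)
    for acct in accounts:
        if not acct.active and acct.roles:
            findings.append((acct.username, "departed user still holds roles"))
        for role in sorted(acct.roles - known_roles):
            findings.append((acct.username, f"unknown role '{role}' grants nothing and should be removed"))
        for role in sorted(acct.roles & PRIVILEGED_ROLES):
            if acct.username not in approved_privileged.get(role, set()):
                findings.append((acct.username, f"holds privileged role '{role}' without approval"))
    return findings

# Constructed accounts for the example.
ACCOUNTS = [
    Account("alice", frozenset({"support"})),
    Account("bob",   frozenset({"billing", "dba"})),        # dba was never approved for bob
    Account("carol", frozenset({"dba"})),                   # approved dba
    Account("dave",  frozenset({"admin"}), active=False),   # left the company, never deprovisioned
    Account("erin",  frozenset({"support", "legacy_ops"})), # role that no longer exists
]
APPROVED_PRIVILEGED = {"dba": {"carol"}, "admin": {"frank"}}

if __name__ == "__main__":
    for user, finding in access_review(ACCOUNTS, APPROVED_PRIVILEGED):
        print(f"{user}: {finding}")
```

The review produces four findings for the sample accounts (bob's unapproved dba role, dave's leftover admin role plus his departed status, and erin's stale role). The deprovisioning gap in dave's case is exactly the "left the company on poor terms" insider risk described earlier: the authorization check refuses him because the account is inactive, but the role should still be removed so a reactivation mistake cannot restore admin rights.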

Tip: Learn how to implement a user provisioning tool in your company to regulate your employees' access rights.

Onboard a cybersecurity specialist

Onboarding a cybersecurity specialist is a rewarding investment when you consider its long-term return on investment (ROI). Cybersecurity specialists educate your employees about best practices, drawing on their experience with past security breaches.

They keep your staff up to date on evolving cybercrime techniques, making the team aware of the attack vectors that threaten your organization's security posture. They train staff to spot danger in everyday things, locate shadow IT, recognize evolving black-hat techniques, and more.

Monitor your IT infrastructure

A few hours of downtime can seriously hurt your company's revenue. Be proactive about resolving incidents when they appear. Monitor your IT infrastructure continuously so that security issues and incidents are handled before they turn into downtime.

Tip: Use remote monitoring and management (RMM) software to gain visibility over your IT infrastructure remotely.

Continuous monitoring of activity across all endpoints helps you protect your IT assets from threats and security breaches.

Secure all endpoints

Use edge protection and secure every endpoint in your IT infrastructure to prevent accidental security breaches. That covers all your servers, systems, applications, IoT devices, and other assets in the environment.

Edge protection lets you restrict access to unsafe web pages and block harmful emails with firewalls, web filters, and spam filters. If something malicious slips through, endpoint protection software on the device is the next line of defense and can detect and quarantine it.

Evaluate third party vendors

Make sure the third-party vendors you onboard meet your cybersecurity standards. Onboarding a vendor without evaluating the risk they introduce into your environment can be very costly, so evaluate the security of the vendor's solution before you sign.

This alone won't prevent a third-party data breach, but it holds the vendor accountable if their security posture slips and remediation is negligent. Consider predetermined service-level agreements (SLAs) to keep cybersecurity risk management in check while delivering the desired outcomes.

Continuous monitoring of your vendors for security risk pays off more than one-time audits and questionnaires, because it gives you a current, complete picture of each vendor's security posture.

Maintain a backup of your data

If a data breach occurs, a backup lets you restore a clean system and get it running again, recovering the lost data. Work with IT specialists to implement an automated backup solution in your organization.

When a data breach occurs, you'll know a backup is ready to restore, preventing the prolonged downtime that damages your business's reputation and finances.
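A backup you cannot trust is not a clean system to restore from: intruders and ransomware tamper with backups too. The Python below is an added example (not from the article) of the integrity check a restore procedure should run: a SHA-256 manifest recorded at backup time is compared with the restored tree, and anything missing, modified, or unexpected is reported. The files and the tampering are constructed in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path

def make_manifest(root):
    """Map each file under `root` (relative path) to its SHA-256 digest.
    Store this alongside the backup, ideally signed or on separate media."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest, restored_root):
    """Compare a restored tree with the manifest taken at backup time.
    Returns (ok, problems); problems lists missing, modified and extra paths."""
    current = make_manifest(restored_root)
    problems = []
    for rel, digest in manifest.items():
        if rel not in current:
            problems.append(f"missing: {rel}")
        elif current[rel] != digest:
            problems.append(f"modified: {rel}")
    for rel in current.keys() - manifest.keys():
        problems.append(f"unexpected: {rel}")
    return (not problems, sorted(problems))

def demo():
    """Constructed scenario: back up two files, restore them, then simulate an
    attacker editing a config file and planting an extra binary."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "data")
        src.mkdir()
        (src / "customers.csv").write_text("id,email\n1,a@example.com\n")
        (src / "config.ini").write_text("[db]\nhost=db1\n")
        manifest = make_manifest(src)

        restored = Path(tmp, "restored")
        restored.mkdir()
        for rel in manifest:
            (restored / rel).write_bytes((src / rel).read_bytes())
        ok_before, _ = verify_restore(manifest, restored)

        (restored / "config.ini").write_text("[db]\nhost=attacker.example\n")
        (restored / "dropper.exe").write_bytes(b"MZ")
        ok_after, problems = verify_restore(manifest, restored)
        return ok_before, ok_after, problems

if __name__ == "__main__":
    print(demo())
```

A clean restore verifies; the tampered one fails with the modified config and the planted file named. In practice the manifest must be kept where the attacker cannot rewrite it along with the data, otherwise the check proves nothing.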

Significant data breaches of all-time

Even organizations with a cybersecurity program leave specific gaps in their defenses, through technical issues or sheer negligence. Data breaches through those gaps have caused significant damage to the businesses involved. Let's look at a few of the biggest data breaches and learn from them, so as not to fall victim to the same techniques.

Adobe

In October 2013, Adobe disclosed a data breach that compromised the Adobe IDs and encrypted passwords of about 38 million active users, along with encrypted payment card records of roughly 2.9 million customers. Under a settlement reached in August 2015, the company agreed to pay $1.1 million in legal fees and an undisclosed amount to affected users, for violating California's Customer Records Act.

Adobe spokesperson Heather Edell said, "The company has just completed a campaign to contact active users whose user IDs with valid, encrypted password information was stolen, urging those users to reset their passwords." She added that Adobe had no indication of unauthorized activity on any Adobe ID involved in the incident.

The company stated that its investigation confirmed that attackers had gained access to the Adobe IDs and encrypted passwords of around 38 million active users. Those users were notified by email and told to reset their passwords.

eBay

In May 2014, eBay reported that a database of 145 million users had been compromised. The data included names, encrypted passwords, addresses, phone numbers, and dates of birth. The attackers used the credentials of three employees to get into the corporate network, where their access went unnoticed for 229 days, giving them ample time to reach the user database.

eBay told its customers to change their passwords. Financial information such as credit card numbers was not compromised. Customers criticized the company for poor communication and a badly implemented password-reset process.

Adult Friend Finder

In October 2016, Adult Friend Finder suffered a data breach in which around 412.2 million account records were stolen. As a dating site, its records contained sensitive information. Passwords were protected only by the weak, unsalted SHA-1 hashing algorithm, and it's estimated that over 99% of them had been cracked by the time leakedsource.com published its analysis of the data on November 14, 2016.

According to reports, a researcher known as 1x0123 on Twitter and as Revolver in other circles had earlier posted screenshots of a Local File Inclusion (LFI) vulnerability in a module on Adult Friend Finder's production servers, which was being exploited.
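The cracking program mentioned under password mismanagement, and the reason unsalted SHA-1 let more than 99% of the Adult Friend Finder passwords fall, can be shown in a few lines. The Python below is an added example with a constructed wordlist and constructed hashes (none of it comes from any real breach); it contrasts a one-pass dictionary attack on unsalted SHA-1 with the same attack against salted PBKDF2 from the standard library, counting the work each needs. The iteration count and sample passwords are arbitrary choices.

```python
import hashlib
import hmac
import os

# Constructed wordlist and constructed "leaked" table; nothing here comes from
# any real breach. Unsalted SHA-1 is the scheme the article's dump used.
COMMON_PASSWORDS = ["123456", "password", "12345", "qwerty", "letmein", "iloveyou", "admin123"]

LEAKED_SHA1 = {
    "user1": hashlib.sha1(b"123456").hexdigest(),
    "user2": hashlib.sha1(b"iloveyou").hexdigest(),
    "user3": hashlib.sha1(b"Tr0ub4dor&3-fixed-horse").hexdigest(),  # not in the wordlist
}

def crack_unsalted_sha1(leaked, wordlist):
    """Hash every candidate once, then look each leaked hash up. The work is
    len(wordlist) regardless of how many accounts leaked, and identical
    passwords collapse to the same hash."""
    table = {hashlib.sha1(w.encode()).hexdigest(): w for w in wordlist}
    cracked = {user: table[h] for user, h in leaked.items() if h in table}
    return cracked, len(table)

def store_pbkdf2(password, iterations=100_000):
    """How the passwords should have been stored: per-user random salt plus a
    deliberately slow key derivation (PBKDF2-HMAC-SHA256 from the stdlib)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return (salt, iterations, digest)

def verify_pbkdf2(password, record):
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

def crack_pbkdf2(records, wordlist):
    """Salted hashes force one derivation per (account, guess) pair, and each
    derivation costs `iterations` HMACs; the attacker can no longer amortize."""
    cracked, derivations = {}, 0
    for user, record in records.items():
        for guess in wordlist:
            derivations += 1
            if verify_pbkdf2(guess, record):
                cracked[user] = guess
                break
    return cracked, derivations

def demo():
    weak_cracked, weak_work = crack_unsalted_sha1(LEAKED_SHA1, COMMON_PASSWORDS)
    records = {
        "user1": store_pbkdf2("123456"),
        "user2": store_pbkdf2("iloveyou"),
        "user3": store_pbkdf2("Tr0ub4dor&3-fixed-horse"),
    }
    strong_cracked, strong_work = crack_pbkdf2(records, COMMON_PASSWORDS)
    return weak_cracked, weak_work, strong_cracked, strong_work

if __name__ == "__main__":
    weak, weak_work, strong, strong_work = demo()
    print("unsalted SHA-1:", weak, "after", weak_work, "hashes")
    print("salted PBKDF2:", strong, "after", strong_work, "slow derivations")
```

Two of the three constructed users pick wordlist passwords, so both schemes eventually give them up; the difference is cost. Against unsalted SHA-1 the attacker hashes the seven candidates once and reads off every account in the dump; against salted PBKDF2 each guess costs a full derivation for each account separately (fourteen here, each of 100,000 HMACs). That is the argument for a slow, salted password hash and for MFA: a strong hash slows the attacker down, but only an uncommon password or a second factor keeps the account safe.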

Equifax

On September 7, 2017, Equifax, one of the largest credit bureaus in the United States, disclosed a data breach that ultimately affected about 147.9 million consumers. Between May and July 2017, attackers had exploited an unpatched Apache Struts vulnerability (CVE-2017-5638) in one of the company's consumer-facing web applications. Personally identifiable information (PII) such as Social Security numbers, birth dates, addresses, and driver's license numbers of 143 million people was compromised, along with credit card numbers of about 209,000 consumers. The count was raised to 145.5 million in October 2017 and to 147.9 million in 2018.

The attackers moved laterally with ease because inadequate network segmentation did not isolate the compromised web application from internal databases.

Canva

In May 2019, Canva suffered an attack that exposed the usernames, email addresses, real names, cities, and hashed passwords of 137 million users. The attacker was able to view files containing partial credit card data but was not able to steal that information.

The attacker, who goes by the name Gnosticplayers, contacted ZDNet to boast about the incident. Canva detected the attack while it was under way and shut down the affected server.

The company confirmed the incident and notified users, prompting them to change their passwords and reset access tokens. Canva later confirmed that the passwords of approximately 4 million accounts had been cracked and shared online.

Make your information security unbreachable

Start taking the right precautions: build and maintain a robust security framework in your organization to protect your assets from data breaches.

Conduct vulnerability scanning and identify targets for penetration testing so that you fix vulnerabilities before they pose a risk to your information security.

