A data breach is a security incident in which malicious insiders or external attackers gain unauthorized access to confidential data or sensitive information such as medical records, financial information or personally identifiable information (PII). Data breaches are one of the most common and most costly types of cybersecurity incidents. They affect businesses of every size, industry and geography — and they occur with frightening regularity.
According to a 2019 Ponemon Institute report, the odds of experiencing a data breach are one in four over a two-year period. The average total cost of a data breach now exceeds $3.9 million (about $150 per data record) and can run much higher when additional expenses, such as added threat detection and response, customer notifications, reputational damage and lost prospective business opportunities, are factored in.
Data Breaches Can Result in Lost Business, Stiff Fines and Costly Settlements
Data breaches are particularly costly in heavily regulated industries like healthcare and financial services where the disclosure of personal data can result in fines and legal payouts. (Ponemon says the average total cost of a data breach is $6.45 million for healthcare organizations and $5.86 million for financial services firms.)
Some noteworthy data breaches in recent years include:
- A 2019 data breach exposed the personal data of over 17 million Ecuadorian citizens. This breach is notable not only for its large scale but also for the depth of information exposed, which included official government ID numbers, phone numbers, family records, marriage dates, education histories and work records.
- A scandal erupted in 2018 when it came to light that Cambridge Analytica, a British political consulting firm, had harvested personal data from millions of people’s Facebook profiles without their consent and used it to target political ads. This cost Facebook $663,000 – the highest penalty possible at the time – for failing to sufficiently protect the personal information of its users.
- In 2017, a data breach at Equifax exposed the personal information of 147 million people and resulted in a $700 million settlement, with the credit reporting firm reimbursing individual consumers up to $20,000 each.
Data Breaches Come in a Variety of Flavors
Bad actors can gain access to confidential data in a variety of ways. The Identity Theft Resource Center, a non-profit group that provides assistance to victims of identity theft, tracks seven distinct types of data breaches:
- Accidental Web/Internet Exposure where sensitive data or application credentials are accidentally placed in a location accessible from the web or on a public repository like GitHub.
- Unauthorized Access where bad actors exploit vulnerabilities in authentication and authorization control systems to gain access to IT systems and confidential data.
- Data on the Move where perpetrators access sensitive data transmitted in the clear using HTTP or other nonsecure protocols.
- Employee Error/Negligence/Improper Disposal/Loss where bad actors exploit weak or unenforced corporate security systems and practices or gain access to misplaced or improperly decommissioned devices.
- Hacking/Intrusion where an external attacker steals confidential data via phishing, malware, ransomware, skimming or some other exploit.
- Insider Theft where a current or former employee or contractor gains access to confidential data for malicious purposes.
- Physical Theft where data is extracted from stolen laptops, smartphones or tablets.
Preventing and Mitigating Data Breaches
Security experts recommend businesses adopt a defense-in-depth security strategy, implementing multiple layers of defense to protect against and mitigate a wide range of data breaches.
A multi-layer security strategy includes:
- Privileged access security solutions to monitor and control access to privileged system accounts, which are often targeted by malicious insiders and external attackers.
- Multi-factor authentication solutions to strengthen identity management, prevent impersonation and reduce risks associated with lost or stolen devices or weak passwords.
- Endpoint threat detection and response tools to automatically identify and mitigate malware, phishing, ransomware and other malicious activity that can lead to a data breach.
- Least privilege management practices to tightly align access rights with roles and responsibilities so that no one has more access than they need to do their job. This helps reduce attack surfaces and contain the spread of certain types of malware that rely on elevated privileges.