Data Security Breach
Introduction
Data is the raw form of information, which is stored
in our databases, network servers, personal
computers and some other places. But not all data
or information is accessible to everyone. Some
data or information is personal, as well as
implicit for its own purpose. In that case, some
people or organizations can try to capture that
'not accessible' information.
What is Data
• According to Webster's Third New
International Dictionary, Data is
"something given or admitted; facts or
principles granted or presented; that
upon which an inference or argument is
based, or from which an ideal system of
any sort is constructed".
• According to the Oxford “Data is
distinct pieces of information,
usually formatted in a special way”.
Classification of data
• Public Data
Open to all users and no security measures are necessary
• Limited-Access Data
Only authorized users have access to this type of data
• Private Data
This data is open to a single user only; the owner of that particular data
What is Security
• Security is the
protection of
information, systems
and services against
disasters, mistakes and
exploitation, so that the
probability of
incidents is minimized.
What is Data Security
• Data security is the means of ensuring that data
is kept safe from corruption and that access to it
is suitably controlled. Thus data security helps to
ensure privacy. It also helps in protecting
personal data. That means protection of data
from unauthorized (that may be accidental or
intentional) access, modification and destruction.
Why Data Security
• Access Controls: Access controls regulate the reading, copying, changing
and deletion of data and programs.
• Flow Controls: Flow controls can prevent a service program from leaking
the customer's confidential data.
• Inference Controls: A method of preventing data about specific individuals
from being inferred from statistical information in a database about groups
of people.
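One well-known inference control is query-set-size restriction: a statistical interface answers an aggregate only when the matching group is neither too small nor almost the whole table. The sketch below is an added example, not part of the original slides; the table, the function name `salary_stats` and the threshold `K` are assumptions made for illustration.

```python
# Constructed sample table (names, departments and salaries are made up).
RECORDS = [
    {"name": "A", "dept": "eng", "sex": "F", "salary": 91000},
    {"name": "B", "dept": "eng", "sex": "M", "salary": 88000},
    {"name": "C", "dept": "eng", "sex": "M", "salary": 95000},
    {"name": "D", "dept": "eng", "sex": "M", "salary": 87000},
    {"name": "E", "dept": "ops", "sex": "F", "salary": 70000},
    {"name": "F", "dept": "ops", "sex": "F", "salary": 72000},
    {"name": "G", "dept": "ops", "sex": "M", "salary": 69000},
    {"name": "H", "dept": "ops", "sex": "M", "salary": 71000},
]

K = 3  # assumed policy value: smallest group a statistic may describe


def salary_stats(records, predicate, k=K):
    """Return (count, total_salary) for the matching group, or None if refused.

    A query is answered only when k <= |group| <= n - k. The lower bound stops
    statistics about one or two people; the upper bound stops the same
    disclosure through the complement (everyone except one or two people).
    """
    group = [r for r in records if predicate(r)]
    n = len(records)
    if len(group) < k or len(group) > n - k:
        return None
    return len(group), sum(r["salary"] for r in group)


if __name__ == "__main__":
    queries = {
        "dept == eng": lambda r: r["dept"] == "eng",
        "dept == eng and sex == F": lambda r: r["dept"] == "eng" and r["sex"] == "F",
        "name != A": lambda r: r["name"] != "A",
    }
    for label, pred in queries.items():
        print(label, "->", salary_stats(RECORDS, pred) or "REFUSED")
```

Size restriction on its own does not account for overlap between separately answerable queries, so it is normally paired with query auditing or added noise.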
Data Security Breach
• Data security breaches, which occur when sensitive data or information is
improperly accessed, pose a threat to consumers and businesses alike. While
customers face the prospect of their personal information being stolen and
used for crimes like identity theft and payment card fraud, data breaches
expose organizations to potential lawsuits, revenue loss, and the loss of
privately held assets.
What is a data security breach?
• A data security breach occurs when unauthorized individuals or groups, such as
hackers or cybercriminals, access sensitive information held by an organization.
Some confidential information accessed and stolen by bad actors during a data
breach includes corporate assets and personally identifiable information (PII) like
social security numbers (SSN), credit card numbers, email addresses, and other
personal data.
• The terms "data breach" and "breach" are often used interchangeably with
"cyberattack." However, not all cyberattacks are data breaches. Data breaches
include only those security breaches where someone gains unauthorized access to
data.
• For example, a distributed denial of service (DDoS) attack that overwhelms a
website is not a data breach. A ransomware attack that locks up a company's
customer data and threatens to leak it unless the company pays a ransom is a data
breach. The physical theft of hard drives, USB flash drives or even paper files
containing sensitive information is also a data breach.
• According to IBM’s Cost of a Data
Breach Report 2023, the average
total cost of a breach reached an
all-time high of $4.45 million that
year, representing a 2.3 percent
increase from 2022. The industries
with the most costly data breaches
that year included health care,
finance, pharmaceuticals, energy,
and manufacturing.
How data breaches happen
• Accidental Web/Internet Exposure, where sensitive data or application credentials are accidentally
placed in a location accessible from the web or on a public repository like GitHub.
• Unauthorized Access, where bad actors exploit authentication and authorization control system
vulnerabilities to gain access to IT systems and confidential data.
• Data on the Move, where perpetrators access sensitive data transmitted in the clear using HTTP or
other nonsecure protocols.
• Employee Error/Negligence/Improper Disposal/Loss, where bad actors exploit weak or unenforced
corporate security systems and practices or gain access to misplaced or improperly
decommissioned devices.
• Hacking/Intrusion, where an external attacker steals confidential data via phishing, malware,
ransomware, skimming or some other exploit.
• Insider Theft, where a current or former employee or contractor gains access to confidential data
for malicious purposes.
• Physical Theft, where data is extracted from stolen laptops, smartphones or tablets.
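Accidental exposure of credentials in a repository can be caught before publication with a pre-commit or CI scan. The following is an added example, not part of the original slides; the file paths and values are constructed placeholders, and the password rule is a simple heuristic rather than a complete rule set.

```python
import re

# Detection rules. The key-ID prefixes and PEM header are publicly documented
# formats; the password rule is a deliberately simple heuristic.
RULES = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private_key_block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("hardcoded_password",
     re.compile(r"(?i)(?:password|passwd|secret|api_key)\w*\s*[:=]\s*"
                r"['\"][^'\"]{8,}['\"]")),
]

# Constructed repository contents (hypothetical paths, placeholder values).
SAMPLE_FILES = {
    "config/settings.py": (
        'DEBUG = False\n'
        'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n'
        'DB_PASSWORD = "correct-horse-battery"\n'
    ),
    "deploy/id_rsa": (
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "(placeholder, no key material)\n"
        "-----END OPENSSH PRIVATE KEY-----\n"
    ),
    "README.md": "Set the password via the APP_PASSWORD environment variable.\n",
}


def scan(files):
    """Return (path, line_number, rule) for every match.

    The matched text is deliberately left out of the result so that the
    scanner's own output does not become a second copy of the secret.
    """
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in RULES:
                if pattern.search(line):
                    findings.append((path, line_no, rule))
    return findings


if __name__ == "__main__":
    for path, line_no, rule in scan(SAMPLE_FILES):
        print(f"{path}:{line_no}: {rule}")
```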
Data Breach Attack Vectors:
1. Credential-Based Attacks:
• Stolen/Compromised Credentials (16%): Brute-force, dark web,
social engineering.
• Social Engineering/Phishing (16%): Manipulation, fraudulent
emails/texts, malware.
2. Malware & Exploits:
• Ransomware: Data encryption, ransom demands.
• System Vulnerabilities: Exploiting weaknesses in
systems/software.
• SQL Injection: Malicious code injection into databases.
• Spyware: Keystroke logging, data exfiltration.
3. Human & IT Factors:
• Human Error/IT Failures (24% combined): Misconfigurations,
unpatched vulnerabilities, data loss.
• Cloud Misconfigurations (12%): Improperly configured cloud
services.
• Unpatched Vulnerabilities (6%): Known weaknesses not
addressed.
• Accidental Data Loss (6%): Lost devices, improper handling.
4. Physical Attacks:
• Physical Security Compromises: Theft of devices/data, skimming.
Cases:
Data breaches are on the rise. According to the Identity Theft Resource Center (ITRC), data breaches increased
by 78 percent from 2022 to 2023, rising to a total of 3,205. This figure represents a significant increase
compared to the already high number of 1,860 in 2021.
Facebook, 2019: In 2019, Facebook discovered a data breach that impacted over 530 million users. Their
account names, phone numbers, locations, and, in some cases, emails were leaked and posted on an
online hacking forum. The hack affected users from 106 countries.
Colonial Pipeline: In 2021, hackers infected Colonial Pipeline's systems with ransomware, forcing the
company to temporarily shut down the pipeline that supplies 45% of the US East Coast's fuel. Hackers
breached the network by using an employee's password that they found on the dark web. The Colonial
Pipeline Company paid a USD 4.4 million ransom in cryptocurrency, but federal law enforcement recovered
roughly USD 2.3 million of that payment.
23andMe: In the fall of 2023, hackers stole the data of 6.9 million 23andMe users. The breach was notable
for a couple of reasons. First, because 23andMe conducts genetic testing, the attackers obtained some
unconventional and highly personal information, including family trees and DNA data.
Second, the hackers breached user accounts through a technique called "credential stuffing." In this kind of
attack, hackers use credentials exposed in previous leaks from other sources to break into users' unrelated
accounts on different platforms. These attacks work because many people reuse the same username and
password combinations across sites.
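Credential stuffing as described above leaves a recognisable pattern in authentication logs: one source trying many different usernames with mostly failed logins. The detector below is an added example, not part of the original slides; the log format, the thresholds and the function name `detect_stuffing` are assumptions.

```python
import re
from collections import defaultdict

# Constructed authentication log; the line format, users and addresses
# (documentation ranges) are illustrative, not taken from any real system.
SAMPLE_LOG = "\n".join([
    "2023-10-01T12:00:01Z ip=203.0.113.7 user=alice result=FAIL",
    "2023-10-01T12:00:02Z ip=203.0.113.7 user=bob result=FAIL",
    "2023-10-01T12:00:03Z ip=203.0.113.7 user=carol result=FAIL",
    "2023-10-01T12:00:04Z ip=203.0.113.7 user=dave result=OK",
    "2023-10-01T12:00:05Z ip=203.0.113.7 user=erin result=FAIL",
    "2023-10-01T12:00:06Z ip=203.0.113.7 user=frank result=FAIL",
    "2023-10-01T12:03:10Z ip=198.51.100.20 user=grace result=FAIL",
    "2023-10-01T12:03:25Z ip=198.51.100.20 user=grace result=FAIL",
    "2023-10-01T12:03:41Z ip=198.51.100.20 user=grace result=OK",
    "2023-10-01T12:05:00Z ip=198.51.100.33 user=heidi result=OK",
    "corrupted line without fields",
])

LINE_RE = re.compile(r"^\S+ ip=(\S+) user=(\S+) result=(OK|FAIL)$")


def detect_stuffing(log_text, min_users=5, min_fail_ratio=0.8):
    """Map each suspicious source IP to the accounts it logged in to.

    Signature: one source trying many *different* usernames, mostly failing.
    A user retyping their own password (one username, a few failures) does
    not match. Accounts with a success from a flagged source need a reset.
    """
    stats = defaultdict(lambda: {"users": set(), "ok": set(), "n": 0, "fail": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore malformed lines instead of aborting the scan
        ip, user, result = m.groups()
        s = stats[ip]
        s["users"].add(user)
        s["n"] += 1
        if result == "OK":
            s["ok"].add(user)
        else:
            s["fail"] += 1
    return {
        ip: sorted(s["ok"])
        for ip, s in stats.items()
        if len(s["users"]) >= min_users and s["fail"] / s["n"] >= min_fail_ratio
    }
```

Attempts spread across many source addresses stay under a per-IP threshold, so the same counting is usually repeated per network, user agent or time window.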
Causes of data security breaches
• Phishing attacks: $4.76 Million
• Stolen or compromised credentials: $4.62
Million
• Unknown (zero-day) vulnerabilities: $4.45
Million
• Cloud misconfiguration: $4.00 Million
• Business email compromise: $4.67 Million
• Social engineering: $4.55 Million
• Physical security compromises: $4.10 Million
• Malicious Insiders: $4.90 Million
• Accidental data loss or lost/stolen
devices: $4.46 Million
• Known unpatched vulnerabilities: $4.17
Million
• System errors: $3.96 Million
How do data security breaches happen?
1. Research and surveillance: The hacker gathers information about the
target, their systems, and any possible vulnerabilities.
2. Scanning: The hacker identifies a way to infiltrate a system and gain
access to information.
3. Access and infiltrate: The hacker executes their plan and gains initial
access to their target system, operating systems, or applications.
4. Maintain access: The hacker secures their access to the system and
seeks to maintain it by using rootkits or backdoor attacks. The hacker
steals the target data, such as personal and financial information.
5. Cover their tracks: The hacker covers their tracks to conceal their
identity, the method of attack, and what they stole.
What is targeted in Data Breaches?
• Weak credentials. The vast majority of data breaches are caused by stolen or weak credentials. If
malicious criminals have your username and password combination, they have an open door into your
network. Because most people reuse passwords, cybercriminals can use brute force attacks to gain
entrance to email, websites, bank accounts, and other sources of PII or financial information.
• Stolen credentials. Breaches caused by phishing are a major security issue, and if cybercriminals get
hold of this personal information, they can use it to access things like your bank and online accounts.
• Compromised assets. Various malware attacks are used to negate regular authentication steps that
would normally protect a computer.
• Payment Card Fraud. Card skimmers attach to gas pumps or ATMs and steal data whenever a card is
swiped.
• Third-party access. Although you may do everything possible to keep your network and data secure,
malicious criminals could use third-party vendors to make their way into your system.
• Mobile Devices. When employees are allowed to bring their own devices (BYOD) into the workplace, it's
easy for unsecured devices to download malware-laden apps that give hackers access to data stored on the
device. That often includes work email and files as well as the owner's PII.
How to prevent data security breaches
• Encrypt all data. Organizations should encrypt all of their data for storage and
transmission from one location to another. Data encryption turns readable
“plaintext” into “ciphertext”, which can be decrypted only with a key: a string
of numbers or a password generated by an algorithm. Keys are so
complex that they can resist brute force attacks or cyberattacks that seek to
break passwords using computer programs.
• Restrict data access. Few people need access to all of an organization’s data.
Rather than granting data access to every employee or contractor, it’s safer for
organizations to establish clear guidelines on who can access what data and
when.
• Keep a data inventory. A data inventory, or data map, is a catalog that
records all of an organization's data and where it’s stored. This enables
organizations to note the location of particularly sensitive data and establish
best practices to protect it from unauthorized access.
• Patch and secure infrastructure and networks. As IBM’s Cost of Data
Breach report indicates, hackers increasingly exploit zero-day vulnerabilities
to access organizations’ internal systems. So, it’s more important than ever
for IT professionals to patch vulnerabilities proactively. At the same time,
they must also ensure that the organization’s network is safe from attackers
through firewalls, intrusion detection systems, and other commonly used
data protection methods.
• Educate employees. Employee training is critical to establishing data
security within an organization. As a result, it’s imperative that organizations
provide their employees with the guidance and training they need to ensure
that data remains safe and secure. Training often covers topics such as best
practices for setting passwords, information-sharing protocols, and properly
using the data protection tools within the organization.