It's not a matter of if your organization will be hit by a network data breach—it's a matter of when. But too often, IT decision-makers don't prepare for a breach, either because they shrug off a breach as an inevitability or because they think they are the exception to the rule. Whatever the reason, they may let their network data breach detection systems lapse, and the breach isn't flagged until it's too late, even though the warning signs were all there.
Breaches and incidents are costly—not just in terms of dollars, but in terms of customer trust. Swiftly identifying and responding to data breaches lets businesses refocus on their goals and quickly rebuild customer confidence.
The 2020 Verizon Data Breach Investigations Report (DBIR) defines a breach as "an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party." A network data breach should not be confused with a cyber incident, which the DBIR classifies as "a security event that compromises the integrity, confidentiality or availability of an information asset."
Why does it matter what you call it? As data privacy compliance regulations get tighter, knowing the difference between a breach and an incident could save millions of dollars in fines and prevent damage to your reputation. For example, though many consider ransomware attacks to be data breaches, the DBIR considers them cyber incidents because the data is encrypted, not stolen and disclosed. Unless, of course, that encrypted data is subsequently used to steal credentials—then it becomes a breach.
One of the most overlooked causes of a network data breach is a lost mobile phone. A stranger picks up that lost work phone and snoops through it—and just like that, your data has been breached by an unauthorized party. But many people don't think twice about what a lost device reveals; rather, the concern is replacing the device. And while not every lost device will result in a breach, you can be pretty sure that if that phone has gone missing, data has been compromised.
Basic human error is often behind breaches. Mistakes happen, but if an employee doesn't own up to their mistake or doesn't realize that something is amiss, it could lead to a breach. Social engineering attacks are another top cause of incidents. If employees are regularly using the company network to spend time on unapproved social media sites, sharing emails from unknown sources with web links embedded in them, or visiting suspicious websites, there is a good chance that your network has been compromised. Other common causes for data breaches include junk network traffic, malware, phishing and fraudulent web applications.
How do you know if you've been breached?
Some common, yet overlooked, signs of a breach or cyber incident include:
- Unusual login activity
- Unusual file changes and database manipulation
- The appearance of suspicious or unknown files
- Locked accounts and changed user credentials
- Missing funds or assets, such as intellectual property or sensitive data
- Abnormal admin activity
- Reduced internet speed
- Unexpected loss in market share
- Reduced competitive advantage
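As an added example (not part of the original article), the following shows how a few of the listed signs, unusual login activity, locked accounts and changed credentials, and abnormal admin activity, can be turned into simple detection logic over authentication events. The event fields, the business-hours window and the service-account list are assumptions, and the log lines are constructed.

```python
from datetime import datetime

# Constructed sample authentication events (not from any real system):
# (user, action, source_country, UTC timestamp).
EVENTS = [
    ("alice", "login", "US", "2020-06-01T09:12:00"),
    ("alice", "login", "US", "2020-06-02T10:03:00"),
    ("alice", "login", "RO", "2020-06-03T03:41:00"),        # new country and off hours
    ("bob", "login", "US", "2020-06-03T14:20:00"),
    ("bob", "password_change", "US", "2020-06-03T14:22:00"),
    ("svc_backup", "login", "US", "2020-06-03T02:00:00"),   # service account: nightly run is normal
    ("bob", "account_locked", "US", "2020-06-04T08:00:00"),
    ("admin", "role_grant", "US", "2020-06-04T23:30:00"),   # admin change late at night
]

BUSINESS_HOURS = range(7, 20)          # assumed: 07:00 to 19:59 UTC is normal for people
SERVICE_ACCOUNTS = {"svc_backup"}      # assumed: expected to log in unattended at any hour
ADMIN_ACTIONS = {"role_grant", "user_create", "policy_change"}
CREDENTIAL_EVENTS = {"password_change", "account_locked"}


def find_indicators(events, service_accounts=SERVICE_ACCOUNTS):
    """Return (user, reason, timestamp) tuples for events matching the indicators."""
    seen_countries = {}   # user -> set of source countries already seen for that user
    findings = []
    for user, action, country, ts in events:
        hour = datetime.fromisoformat(ts).hour
        off_hours = hour not in BUSINESS_HOURS
        if action == "login":
            known = seen_countries.setdefault(user, set())
            # Unusual login activity: a country never seen before for this user
            if known and country not in known:
                findings.append((user, f"login from new country {country}", ts))
            known.add(country)
            # Unusual login activity: an interactive user logging in outside business hours
            if off_hours and user not in service_accounts:
                findings.append((user, "off-hours login", ts))
        elif action in CREDENTIAL_EVENTS:
            # Locked accounts and changed user credentials are always worth a look
            findings.append((user, action.replace("_", " "), ts))
        elif action in ADMIN_ACTIONS and off_hours:
            # Abnormal admin activity: privilege changes at unusual hours
            findings.append((user, f"off-hours admin activity: {action}", ts))
    return findings


if __name__ == "__main__":
    for user, reason, ts in find_indicators(EVENTS):
        print(f"{ts} {user:<10} {reason}")
```

In practice the baselines (hours, countries, service accounts) come from the organization's own history rather than constants, and each finding feeds a ticket or alert for the IT team to triage.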
For some organizations that don't invest enough effort into security, it can take months before a breach is discovered. And if your organization has been breached, you probably won't be the one to notice it. Third parties, such as security researchers, are most likely to discover a breach and report it to your organization. A cyber security journalist might write a news post about it. (If Brian Krebs is writing about your company, it probably isn't good news.) Worse still, a customer might contact you because the personal information that they entrusted to you has been stolen and misused. You might not even know until law enforcement authorities ring you up.
However a breach is discovered, you must ensure that there is an easy way for potential breaches or cyber incidents to be detected so that your IT team can investigate and mitigate them as quickly as possible.