The overlooked signs of a data breach


Published: January 05, 2021

It's not a matter of if your organization will be hit by a network data breach—it's a matter of when. But too often, IT decision-makers don't prepare for a breach, either because they shrug off a breach as an inevitability or because they think they are the exception to the rule. Whatever the reason, they may let their network data breach detection systems lapse, and the breach isn't flagged until too late—even though all the warning flags went up.

Breaches and incidents are costly—not just in terms of dollars, but in terms of customer trust. Swiftly identifying and responding to data breaches lets businesses refocus on their goals and quickly rebuild customer confidence.

Language matters

The 2020 Verizon Data Breach Investigations Report (DBIR) defines a breach as "an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party." A network data breach should not be confused with a cyber incident, which the DBIR classifies as "a security event that compromises the integrity, confidentiality or availability of an information asset."

Why does it matter what you call it? As data privacy compliance regulations get tighter, knowing the difference between a breach and an incident could save millions of dollars in fines and prevent damage to your reputation. For example, though many consider ransomware attacks to be data breaches, the DBIR considers them cyber incidents because the data is encrypted, not stolen and disclosed. Unless, of course, that encrypted data is subsequently used to steal credentials—then it becomes a breach.

Common causes

One of the most overlooked causes of a network data breach is a lost mobile phone. A stranger picks up that lost work phone and snoops through it—and just like that, your data has been breached by an unauthorized party. But many people don't think twice about what a lost device reveals; rather, the concern is replacing the device. And while not every lost device will result in a breach, you can be pretty sure that if that phone has gone missing, data has been compromised.

Basic human error is often behind breaches. Mistakes happen, but if an employee doesn't own up to their mistake or doesn't realize that something is amiss, it could lead to a breach. Social engineering attacks are another top cause of incidents. If employees are regularly using the company network to spend time on unapproved social media sites, sharing emails from unknown sources with weblinks embedded in them, or visiting suspicious websites, there is a good chance that your network has been compromised. Other common causes for data breaches include junk network traffic, malware, phishing and fraudulent web applications.

How do you know if you've been breached?

Some common, yet overlooked, signs of a breach or cyber incident include:

  • Unusual login activity
  • Unusual file changes and database manipulation
  • The appearance of suspicious or unknown files
  • Locked accounts and changed user credentials
  • Missing funds or assets, such as intellectual property or sensitive data
  • Abnormal admin activity
  • Reduced internet speed
  • Unexpected loss in market share
  • Reduced competitive advantage

For some organizations that don't invest enough effort into security, it can take months before a breach is discovered. And if your organization has been breached, you probably won't be the one to notice it. Third parties, such as security researchers, are most likely to discover a breach and report it to your organization. A cyber security journalist might write a news post about it. (If Brian Krebs is writing about your company, it probably isn't good news.) Worse still, a customer might contact you because the personal information that they entrusted to you has been stolen and misused. You might not even know until law enforcement authorities ring you up.

However a breach is discovered, you must ensure that there is an easy way for potential breaches or cyber incidents to be detected so that your IT team can investigate and mitigate them as quickly as possible.

Preventing network data breaches

It is likely inevitable that your data will be breached. But that doesn't mean you shouldn't take proactive measures to prevent a breach. Nor can you neglect your ability to quickly identify a breach, as it could wreak significant havoc even in its first few minutes.

The best way to detect breaches is to deploy tools that regularly scan your network for anomalies. Employees can play a role in early network breach detection, too; encourage them to speak up immediately if they notice anything unusual or have trouble with access or credentials. And if someone misplaces a company device, establish that they should report it immediately so that the data can be remotely wiped.

Knowing the signs of a breach and understanding the difference between a breach and an incident can help your organization develop early detection and mitigation strategies—and can keep your customers' confidence in you high when, not if, a breach happens.

Safeguard your assets and operations with Verizon's mobile and data security solutions.