What Is a Data Breach?

A data breach is any incident in which unauthorized parties gain access to a system, a network or data. The exposure can be deliberate, as when a cybercriminal breaks in to steal information, but it can also result from employee error. For example, a victim may click a seemingly innocent link in an email that prompts them to enter their credentials, giving a bad actor a way into the network.

Explore our cybersecurity solutions to enhance your organization’s defense against cyberthreats.

Security Breach vs. Data Breach

During a security breach, an attacker gains unauthorized access to an organization's data, applications or networks. That is a serious incident even if the attacker never manages to take any sensitive data. A data breach is the subset of security breaches in which data is actually viewed, copied or exfiltrated. The distinction matters in practice: breach-notification laws are typically triggered by confirmed unauthorized access to personal data, not by every intrusion, so part of incident response is establishing which of the two has occurred.

How Data Breaches Happen

Data breaches tend to follow four primary stages:

  1. Initial access: Attackers get a foothold in the target through a phishing attack, stolen credentials, malware, an unpatched internet-facing vulnerability or another method.
  2. Lateral movement: Once inside, attackers escalate privileges and move laterally, mapping the target's data and defenses and hunting for privileged credentials. They may dwell undetected for weeks, months or longer.
  3. Data exfiltration: Attackers copy data out of the environment, often compressing and staging it first and sending it over encrypted channels to servers they control. Unusual outbound transfer volumes and destinations are therefore a key detection signal.
  4. Covering tracks: Defensive tooling can often detect this activity, so attackers work to evade it. They may clear logs, disable security agents, mask their origin with VPNs or proxy servers, and time the theft for holidays or periods when fewer security staff are monitoring. A log that is suddenly cleared or stops arriving is itself a strong indicator and should be alerted on.
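The two signals called out in stages 3 and 4 above can be expressed as simple detection rules. The following is an added example written for this page, not code from the original article or from any vendor product. It runs over a constructed, in-memory event list with an assumed schema (one dict per event, UTC ISO timestamps); the thresholds, the allowlisted destination and the host names are illustrative assumptions. The Windows Security-log Event ID 1102 ("The audit log was cleared") and System-log Event ID 104 are real identifiers.

```python
"""Added example (not from the original article): two detection rules that map
to the exfiltration and track-covering stages, run over constructed sample events."""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample telemetry (not real data). Two event kinds:
#   net_flow     - outbound connection summary: source host, destination, bytes_out
#   win_security - Windows Security-log record with its Event ID
SAMPLE_EVENTS = [
    {"ts": "2024-07-04T02:10:00Z", "kind": "net_flow", "host": "fs01", "dst": "203.0.113.7", "bytes_out": 900_000_000},
    {"ts": "2024-07-04T02:25:00Z", "kind": "net_flow", "host": "fs01", "dst": "203.0.113.7", "bytes_out": 1_400_000_000},
    {"ts": "2024-07-03T14:00:00Z", "kind": "net_flow", "host": "ws22", "dst": "backup.example.internal", "bytes_out": 5_000_000_000},
    {"ts": "2024-07-03T15:05:00Z", "kind": "net_flow", "host": "ws22", "dst": "198.51.100.20", "bytes_out": 30_000_000},
    {"ts": "2024-07-04T03:01:00Z", "kind": "win_security", "host": "fs01", "user": "svc_backup", "event_id": 1102},
    {"ts": "2024-07-03T09:30:00Z", "kind": "win_security", "host": "ws22", "user": "alice", "event_id": 4624},
]

# Tunables. The values are illustrative assumptions, not recommendations.
KNOWN_DESTINATIONS = {"backup.example.internal"}   # sanctioned bulk-transfer targets
EXFIL_BYTES = 500_000_000                          # 500 MB per (host, destination) pair
BUSINESS_HOURS = range(8, 18)                      # 08:00-17:59 UTC
LOG_CLEAR_EVENT_IDS = {1102: "Security log cleared", 104: "System log cleared"}


def _hour_utc(ts: str) -> int:
    """Hour of day in UTC for an ISO-8601 timestamp ending in 'Z'."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc).hour


def detect(events):
    """Return a list of (rule, host, detail) alerts for the given events."""
    alerts = []
    outbound = defaultdict(int)   # (host, dst) -> total bytes_out
    off_hours = set()             # (host, dst) pairs with traffic outside business hours

    for e in events:
        if e["kind"] == "net_flow":
            key = (e["host"], e["dst"])
            outbound[key] += e["bytes_out"]
            if _hour_utc(e["ts"]) not in BUSINESS_HOURS:
                off_hours.add(key)
        elif e["kind"] == "win_security" and e["event_id"] in LOG_CLEAR_EVENT_IDS:
            # Rule 2: log clearing is rare in normal operation and is a classic
            # track-covering step, so alert on it unconditionally.
            alerts.append(("log_cleared", e["host"],
                           f"{LOG_CLEAR_EVENT_IDS[e['event_id']]} by {e['user']} at {e['ts']}"))

    # Rule 1: large outbound volume to a destination that is not a sanctioned
    # transfer target, with off-hours timing noted as a risk multiplier.
    for (host, dst), total in outbound.items():
        if dst in KNOWN_DESTINATIONS or total < EXFIL_BYTES:
            continue
        when = "off-hours" if (host, dst) in off_hours else "business hours"
        alerts.append(("possible_exfil", host, f"{total:,} bytes to {dst} ({when})"))
    return alerts


if __name__ == "__main__":
    for rule, host, detail in detect(SAMPLE_EVENTS):
        print(f"[{rule}] {host}: {detail}")
```

Run stand-alone, the script flags the cleared Security log on fs01 and the 2.3 GB sent from fs01 to 203.0.113.7 at 02:00 UTC, while the 5 GB backup job to the allowlisted host and the small transfer from ws22 stay quiet. In production the static threshold would be replaced by a per-host baseline, but the structure (volume, destination reputation, timing, plus an unconditional rule for log tampering) is the same.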

Common Data Breach Methods

Cybercriminals may use one or more tactics to infiltrate an organization and steal data.

Phishing Attacks

Phishing attacks are among the most common causes of data breaches. Cybercriminals use deceptive emails and text messages to trick targets into revealing sensitive information. By convincing targets that a message is legitimate, attackers can induce them to take an action that leads to a breach, such as entering credentials on a look-alike login page or clicking a link that downloads malware.

Social Engineering

Cybercriminals are adept at social engineering, exploiting human trust and haste rather than a technical flaw. For instance, a phishing email that appears to be an urgent request from a boss can push the recipient to act quickly and share sensitive information instead of taking the time to confirm that the request is genuine. Attackers mine social media accounts and other public information to craft personalized, convincing messages, especially when targeting senior individuals with privileged access to sensitive data. The technical tells are usually still there: a Reply-To address on another domain, failed sender authentication, or a link whose visible text does not match where it points.
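The "urgent request from the boss" message described above usually carries several of those tells at once. The following is an added example for this page, not code from the original article or from any mail-security product: it parses one constructed raw message with Python's standard email library and reports header and link inconsistencies. The message, the domain example.com and the phrase list are assumptions made up for the illustration.

```python
"""Added example (not from the original article): header and link heuristics
for a business-email-compromise style phishing message."""
import re
from email import message_from_bytes, policy, utils
from urllib.parse import urlparse

# Constructed sample message (not a real email). The From address claims the
# organisation's domain, but Reply-To, sender authentication and the link
# target all tell a different story.
RAW_MESSAGE = b"""\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=ceo-urgent.example.net; dmarc=fail header.from=example.com
From: "Dana Kim (CEO)" <dana.kim@example.com>
Reply-To: <dana.kim.ceo@ceo-urgent.example.net>
To: alice@example.com
Subject: URGENT - need this done before the board call
Content-Type: text/html; charset=utf-8

<p>Alice, I need you to approve the wire today. Sign in here:
<a href="http://login.example-com.net/sso">https://sso.example.com</a></p>
"""

INTERNAL_DOMAIN = "example.com"   # assumption: the organisation's own domain
URGENCY = re.compile(r"\b(urgent|immediately|today|asap)\b", re.I)
ANCHOR = re.compile(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', re.I)


def _domain(header_value) -> str:
    """Domain part of the first address in a header, lower-cased ('' if none)."""
    _, addr = utils.parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def score_message(raw: bytes) -> list:
    """Return a list of human-readable findings; an empty list means no tells."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. Reply-To steering replies away from the displayed sender.
    from_dom, reply_dom = _domain(msg["From"]), _domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        where = "outside the organisation" if reply_dom != INTERNAL_DOMAIN else "another internal domain"
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom} ({where})")

    # 2. Sender authentication results recorded by the receiving MTA.
    auth = str(msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            findings.append(f"{check.upper()} failed for a message claiming to be from {from_dom}")

    # 3. Pressure language in the subject line.
    if URGENCY.search(str(msg["Subject"] or "")):
        findings.append("Urgency language in subject")

    # 4. Link text that shows one host while the href points at another.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    for href, text in ANCHOR.findall(html):
        shown = urlparse(text.strip()).hostname if "://" in text else None
        real = urlparse(href).hostname
        if shown and real and shown != real:
            findings.append(f"Link text shows {shown} but points to {real}")
    return findings


if __name__ == "__main__":
    for finding in score_message(RAW_MESSAGE):
        print("-", finding)
```

None of these checks is conclusive on its own (a legitimate mailing-list message can fail SPF, and executives do write "urgent"), which is why mail gateways combine them into a score. What makes this message damning is that every one of them fires at once.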

Malware Attacks

In a malware attack, cybercriminals install malicious software on a target's endpoints to compromise their security. Different types of malware perform different functions and give attackers different capabilities. Ransomware, for example, encrypts an organization's data, making it inaccessible until the victim pays for the decryption key. Modern ransomware operators also typically exfiltrate data before encrypting it so they can threaten to publish it, which means a ransomware incident is usually a data breach as well, with the notification obligations that follow.

Distributed Denial of Service (DDoS)

In a distributed denial-of-service (DDoS) attack, a cybercriminal floods a website, server or network with traffic from many sources, causing it to fail or otherwise disrupting service to legitimate users. While DDoS tactics vary, the basic objective is to overwhelm the victim's capacity and bring its web-based operations to a halt. A DDoS attack does not expose data by itself; the attackers' goal may be disruption, probing for weaknesses in the defenses, or a distraction that keeps the security team busy while a simultaneous intrusion proceeds.

Insider Threats

Employees with access to sensitive information may intentionally or unintentionally expose that information to unauthorized users. In some sectors, insider threats are a leading cause of data breaches, often through misuse of access privileges or inadvertently sending sensitive information to an unintended recipient.

Weak Passwords

Weak passwords are a problem because they can be guessed or cracked, giving an attacker valid credentials that look like a normal login rather than an exploit that defenses can detect. Passwords may be short or predictable, or reused across several accounts; reuse exposes every one of those accounts to credential stuffing, in which attackers replay username and password pairs leaked from other breaches. Weak passwords also fall to brute-force and dictionary attacks, in which attackers try many candidate passwords until one succeeds, either online against a login page or offline against a stolen database of password hashes. Commodity GPUs and automated tooling make offline guessing fast and cheap, and a fast hash such as MD5 offers almost no resistance, so strong, unique passwords backed by multifactor authentication and a slow, salted password hash are essential.
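To make the offline case concrete: the following is an added example written for this page, not code from the original article or from any cracking tool. It runs a small dictionary attack with typical mangling rules against a constructed table of unsalted MD5 hashes, then repeats the attack against the same passwords stored with PBKDF2-HMAC-SHA256 and a per-user salt, counting how many hash computations each attack needs. The user names, passwords and four-word wordlist are made up; the demonstration uses 1,000 PBKDF2 iterations so it runs instantly, whereas OWASP's current recommendation for PBKDF2-HMAC-SHA256 is 600,000.

```python
"""Added example (not from the original article): dictionary attack against
unsalted MD5 versus salted PBKDF2, with the work counted for each."""
import hashlib
import hmac
import os

# Constructed mini wordlist plus the simplest mangling rules (capitalise,
# append a common suffix) that cracking tools apply by default.
WORDLIST = ["password", "summer", "welcome", "acme"]
SUFFIXES = ["", "1", "123", "!", "2024"]


def candidates():
    """Yield each wordlist entry in lower and capitalised form with each suffix (40 guesses)."""
    for word in WORDLIST:
        for form in (word, word.capitalize()):
            for suffix in SUFFIXES:
                yield form + suffix


def crack_md5(dump):
    """dump maps username -> hex MD5 of the password, no salt.
    Returns (found, hash_computations). Without salts, one hash per guess is
    compared against every user at once, so the cost does not grow with users."""
    wanted = {h: user for user, h in dump.items()}
    found, computations = {}, 0
    for guess in candidates():
        computations += 1
        h = hashlib.md5(guess.encode()).hexdigest()
        if h in wanted:
            found[wanted[h]] = guess
    return found, computations


def pbkdf2_record(password: str, iterations: int):
    """Store a fresh 16-byte salt and the iteration count alongside the derived key."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def pbkdf2_verify(password: str, record) -> bool:
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)   # constant-time comparison


def crack_pbkdf2(dump):
    """dump maps username -> pbkdf2_record. Each user has a distinct salt, so the
    attacker must redo the deliberately slow derivation per user and per guess."""
    found, computations = {}, 0
    for user, record in dump.items():
        for guess in candidates():
            computations += 1
            if pbkdf2_verify(guess, record):
                found[user] = guess
                break
    return found, computations


# Constructed 'leaked' credential tables. carol's password is not in the wordlist.
PASSWORDS = {"alice": "Summer2024", "bob": "Welcome123", "carol": "x9#Lq!7vR2p"}
MD5_DUMP = {u: hashlib.md5(p.encode()).hexdigest() for u, p in PASSWORDS.items()}
DEMO_ITERATIONS = 1_000   # demo only; use ~600,000 in production
PBKDF2_DUMP = {u: pbkdf2_record(p, DEMO_ITERATIONS) for u, p in PASSWORDS.items()}


if __name__ == "__main__":
    found, n = crack_md5(MD5_DUMP)
    print(f"MD5:    recovered {found} with {n} hash computations for all users")
    found, n = crack_pbkdf2(PBKDF2_DUMP)
    print(f"PBKDF2: recovered {found} with {n} derivations, each {DEMO_ITERATIONS}x slower")
```

Both attacks recover alice's and bob's passwords, because the passwords themselves are weak; no hashing choice rescues "Welcome123". The difference is the bill: 40 MD5 operations cover every user in the dump, while the salted store needs 88 separate derivations, each hundreds of thousands of times more expensive at production iteration counts, and the cost keeps scaling with the number of users. That is the gap between a dump that is cracked in minutes and one that buys time for a forced password reset.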

Real-World Examples of Data Breaches

Large-scale data breaches affecting millions of individuals have become all too common. These breaches can also come with a hefty price tag, especially when regulatory agencies believe companies have not taken sufficient measures to protect consumers’ data.

Yahoo

In 2016, Yahoo announced that a 2013 breach had compromised more than 1 billion user accounts. Yahoo's investigation found that the stolen data may have included names, birth dates, email addresses, phone numbers, hashed passwords and security questions and answers. Hashing protects passwords only as well as the algorithm allows: Yahoo said the 2013 passwords were hashed with MD5, a fast hash that gives offline cracking little resistance compared with a slow, salted algorithm such as bcrypt or PBKDF2. In 2017, Yahoo's new owner, Verizon, disclosed that the breach had in fact affected all 3 billion accounts that existed at the time.

Equifax

In 2017, the credit reporting agency Equifax reported that a breach had exposed the data of roughly 148 million Americans. The breach was notable for its scale, for the sensitivity of the data involved, including Social Security and driver's license numbers, and for its cause: the attackers entered through a publicly known, unpatched vulnerability in the Apache Struts web framework on an internet-facing application. The U.S. Justice Department later indicted four members of the Chinese military for the attack, and Equifax agreed to a settlement that included up to $425 million for affected consumers.

Marriott Hotels

Marriott announced in 2018 that attackers had been inside the guest reservation database of Starwood, which Marriott acquired in 2016, since 2014, and had taken the records of up to 500 million guests (later revised to roughly 383 million), potentially including credit card and passport numbers. Because the intrusion predated the acquisition, the case is often cited as a reminder that security due diligence belongs in M&A. In 2024, the Federal Trade Commission and state attorneys general concluded that Marriott had suffered three breaches between 2014 and 2020; Marriott agreed to pay $52 million to the states and to overhaul its information security program.

How To Prevent Data Breaches

Data breach prevention requires a proactive, well-orchestrated approach to cybersecurity. Here are a few of the most critical steps organizations should take to detect, prevent and recover from data breaches.

Employee Training

Human error is a persistent cause of data breaches. Conversely, alert and educated employees are one of the best defenses against advanced attack techniques, particularly those that rely on phishing to gain initial access. Depending on their roles, employees may also need training on handling and limiting access to sensitive information. Every employee should know how to recognize phishing and other social-engineering tactics and, just as important, how and where to report a suspected attempt so that the security team can respond.

Strong Password Policies

Passwords that are easy to guess or are reused across multiple accounts increase the likelihood that cybercriminals will be able to infiltrate an organization, and weak passwords remain one of the most common vulnerabilities that organizations struggle to manage. Effective password filtering at set and reset time is more important than ever: reject passwords that contain the company name or the username, require a longer minimum length, and screen new passwords against lists of known-breached and commonly used passwords. Current guidance (NIST SP 800-63B) favors long passphrases and breached-password screening over strict composition rules and forced periodic rotation, which tend to push users toward predictable patterns. Organizations often pair these policies with single sign-on and password managers so that logins stay convenient and employees are not tempted to work around the rules.

Regular Software Updates

Keeping software up to date and patching known vulnerabilities removes the flaws attackers exploit most readily; many large breaches, Equifax among them, began with a publicly known vulnerability that had a patch available. Prioritize internet-facing systems and vulnerabilities that are being actively exploited, and track what is installed so that nothing is left unpatched because nobody knew it was there. Regular updates also matter for compliance: if a breach does occur, an organization may have to show regulators that it maintained its systems diligently.

Data Encryption

Encryption protects sensitive data from unauthorized access and should be applied whenever employees share, transfer or store such assets: TLS for data in transit and full-disk or database encryption for data at rest. It raises the cost of misuse and provides an additional layer of protection if a device is lost or stolen. Two caveats matter in practice. Encryption is only as strong as its key management, so keys must be stored separately from the data they protect and access to them tightly controlled. And encryption at rest does not stop an attacker who has stolen valid credentials, since the application will happily decrypt data for any authenticated user, which is why it must be paired with least-privilege access and multifactor authentication.

Incident Response Planning

Organizations must be prepared to respond quickly and efficiently if a data breach occurs, because making a plan while the crisis is unfolding reliably produces poorer outcomes. Incident response planning is critical, yet easy to overlook. Advance planning improves an organization's ability to contain an attack and ensures that staff follow legal requirements and best practices afterward. In addition to knowing what to do, organizations should clearly identify who is responsible for each action, and they should rehearse the plan with tabletop exercises so that the first run-through is not the real thing.

At minimum, leaders should establish clear answers to these five key questions:

  1. When will we launch the incident response plan?
  2. Who will we call first?
  3. Which systems should we prioritize?
  4. What will a data breach cost?
  5. How will our staff be affected?

Legal Implications of Data Breaches

Organizations must take specific steps when a data breach occurs, such as promptly notifying affected individuals within the deadlines that applicable laws set. In many cases, they must also report the incident to law enforcement and to regulators such as state attorneys general or the Federal Trade Commission. Investigators and regulators then determine whether the organization complied with data protection laws and took appropriate steps to protect customers' data. If they find that it failed to protect data properly, or was slow to disclose, they can impose higher fines or penalties.

Legal action by affected parties is another potential outcome of a breach. Shareholders, business partners, customers and others may file suit against an organization that has been breached if they believe it did not take proper precautions.

How CDW Can Help You Prevent and Recover From a Data Breach

Organizations need the proper combination of security solutions and services to prevent unauthorized access, detect an intrusion if one occurs, minimize the damage and recover essential data and operations quickly. Because every environment is different, it is important to tailor cybersecurity strategies to each organization’s specific business needs and security objectives. CDW’s security experts have helped thousands of customers establish stronger defenses, increase their resilience and reduce their risk, all without hindering flexibility or innovation.

Learn about CDW’s approach to data breach prevention and risk management.

Data Breach FAQs

How Much Does a Data Breach Cost?

According to IBM's Cost of a Data Breach Report, the global average cost has continued to climb, reaching $4.88 million in 2024. IBM found that breaches tend to be more costly at organizations with insufficient security staff, a problem across industries. Some of the most expensive breaches occurred at organizations whose data was spread across multiple environments, such as several public clouds plus on-premises systems; such breaches are harder to detect and contain, and the longer an attacker remains undetected, the higher the cost.

An organization hit by a breach will typically face multiple expenses, including forensic investigation, legal fees, regulatory fines, lost business and security upgrades. It may also bear costs on behalf of the people whose data was stolen, such as paying for credit monitoring to help victims detect misuse. Data recovery can be another significant expense, especially if the organization chooses to pay a ransom. Paying is widely discouraged because it funds and encourages further attacks, there is no guarantee that the data will be recovered, and payments to sanctioned entities can themselves be illegal.

How Do Criminals Use Stolen Data?

Cybercriminals have several ways of making money from stolen data. They may use victims’ credit card numbers or banking account information to make unauthorized purchases. They could also use victims’ Social Security numbers and other data to steal their identities and then open loans, credit cards or other accounts in their names. If criminals have obtained information that lets them hack into victims’ financial accounts, they could steal money directly from those accounts.

Criminals may also use stolen data to perpetrate phishing attacks and other types of scams. Access to victims’ personal data could enable them to create convincing phishing emails that facilitate additional data breaches. Finally, hackers may sell stolen data on the dark web.

What Is the Best Way to Safeguard Customer Data Privacy?

A layered, holistic cybersecurity strategy is the best way to protect sensitive data. Organizations can minimize their risk by implementing best practices such as:

  • Proper classification and storage of customer data
  • Zero trust strategies and least-privilege access, which ensure that employees handle customer data only to the extent necessary to perform their work
  • Multifactor authentication, which makes it much harder for a cybercriminal to gain access even after obtaining a valid username and password
  • Data encryption to protect sensitive data while in transit and storage
  • Regular software updates and patching to manage and remediate vulnerabilities
  • Ongoing technology training to help employees recognize phishing, social engineering and other attack types

What Should I Do If My Company Experiences a Data Breach?

The organization should activate its incident response plan quickly and efficiently. A comprehensive incident response plan will cover all of the attack phases and address all of the potential stakeholders, including customers and regulatory officials. At minimum, the steps that organizations should take immediately are:

  • Contain the intrusion and close the weaknesses that enabled it, such as compromised credentials or unpatched systems, while preserving logs, disk images and other evidence for forensic investigation.
  • Notify the appropriate parties as soon as possible: law enforcement, regulators, affected business partners and customers, within the deadlines that applicable laws set.
  • Run the full incident response with the appropriate team, which may include IT, security, legal, human resources, communications, investor relations and outside forensics specialists.

What Does Cyber Insurance Cover?

Cyber insurance can help organizations offset the costs of a data breach. Policies vary but typically cover incident response, legal costs and regulatory fines, revenue lost to downtime, data recovery, and notification and credit monitoring for affected individuals. Some policies may also contribute to ransom payments, subject to sanctions law.

As with other types of insurance, the fine print matters. Procuring cyber insurance has become harder, insurers increasingly require controls such as multifactor authentication and tested backups before they will write a policy, and coverage is not a substitute for sound security. Breaches that stem from human error, insider attacks or inadequate security defenses may not be covered.
