A data breach is an incident wherein information is stolen or taken from a system without the knowledge or authorization of the system’s owner. A small company or a large organization may suffer a data breach. Stolen data may involve sensitive, proprietary, or confidential information, such as credit card numbers, customer data, trade secrets or matters of national security.
Damage from such incidents often takes the form of harm to the target company’s reputation, owing to a perceived ‘betrayal of trust’. It may also involve financial losses for the company, and for its customers as well, should financial records be part of the information stolen.
Other frequently observed breach methods include the following:
· Insider leak: A trusted individual or person of authority with access privileges steals data.
· Payment card fraud: Payment card data is stolen using physical skimming devices.
· Loss or theft: Portable drives, laptops, office computers, files, and other physical properties are lost or stolen.
· Unintended disclosure: Through mistakes or negligence, sensitive data is exposed.
· Unknown: In a small number of cases, the actual breach method is unknown or undisclosed.
Phases of a data breach
The attacker, having picked his target, looks for weaknesses to exploit: the target’s employees, its systems, or its networks. This entails long hours of research on the attacker’s part, and may involve stalking employees’ social networking profiles to find what sort of infrastructure the company has.
Having scoped out a target’s weaknesses, the attacker makes initial contact either through a network-based attack or a social attack.
In a network attack, the attacker uses the weaknesses in the target’s infrastructure to get into its network. These weaknesses may include, but are not limited to, SQL injection, vulnerability exploitation, and/or session hijacking.
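To make the SQL injection weakness named above concrete from the defender’s side, the following is an added example (it is not code from the original article) showing the same lookup written two ways: one that splices untrusted input into the query text, and one that binds it as a parameter. It uses an in-memory SQLite table with constructed sample rows, and includes a simple audit check that flags a lookup on a unique key returning more than one row, which is the kind of anomaly a defender can log and alert on.

```python
import sqlite3

def build_db():
    """Constructed sample data for this example: a tiny 'users' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"), ("carol", "carol@example.com")],
    )
    return conn

def lookup_vulnerable(conn, username):
    """Weak form: the caller-supplied string becomes part of the SQL itself,
    so a crafted value can change the WHERE clause and expose other rows."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()

def lookup_hardened(conn, username):
    """Hardened form: parameter binding keeps the input as data only.
    Whatever the string contains, it is compared literally against the column."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()

def is_suspicious_result(rows):
    """Defensive audit check (assumed policy for this example): a lookup by a
    UNIQUE key should yield at most one row. More than one is a red flag worth
    logging, since it means the query did not behave as the application intended."""
    return len(rows) > 1

if __name__ == "__main__":
    db = build_db()
    # Constructed input that alters the WHERE clause when spliced into the query text.
    crafted = "x' OR '1'='1"
    print("vulnerable, normal input:", lookup_vulnerable(db, "alice"))
    print("vulnerable, crafted input:", lookup_vulnerable(db, crafted))
    print("hardened, crafted input:", lookup_hardened(db, crafted))
    print("audit flag on vulnerable result:", is_suspicious_result(lookup_vulnerable(db, crafted)))
```

The audit check does not replace parameterization; it is a second line of defence that turns a successful injection into a detectable event rather than a silent one.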
In a social attack, the attacker uses social engineering to infiltrate the target’s network. This may involve a maliciously crafted email sent to an employee, tailor-made to catch that specific employee’s attention. The mail could be a phishing mail, where the reader is fooled into supplying personal information to the sender, or one that comes with attached malware set to execute once opened.
Once inside the network, the attacker is free to extract the data he needs from the company’s infrastructure. This data may be used for either blackmail or black propaganda. The information attackers collect can also be used to execute more damaging attacks on the infrastructure.