Data Breach- An accidental theft OR a flare to security?

How it comes to the limelight:-

Almost a decade ago, an online dating app grabbed the eyes of the technocrats as the information of around 4M users was leaked to different adult forums exposing their emails, usernames, date of birth and postal zip code. This case was quite different from usual financial or any other industrial breaching as it involves the exposure of utmost confidential and sensitive data that might be life threatening for the subscribers. It could lead the user to blackmail or extortion to the least. However, the worst could be expected as the internet shaming and awkward explanations from users and owners of the app.

This incident compels the globe to re-analyse the security measures that high end companies are abide to provide and make the air for the awareness of data breaching in general.

So basically data breaching refers to an incident where the secured and confidential information is accessed and exposed to dubious environment. It can be carried out with fishy intentions or can be cracked accidentally.   Later on, this data can be misused by various unauthorized persons. The data can be in any form such as passwords, address, account, PIN numbers or any trade information.

The prime reason for the occurrence of such theft is vulnerability in system and internet providing services. Moreover, the constant upgradation in technologies without any protection against them is also equally accountable.

Some of the most common ways of breaching are:-

1. Accidental internal breach
2. Intentional internal breach
3. Theft of physical device
4. Cybercrime

Out of these, the most common is cybercrime. Inspite of various powerful measures, cybercriminals and hackers continue to panic the web world. Their ultimate goal is to steal the information and sell it to the dark web with skyrocketed prices.

Different aspects of cyber crime are as discussed:-

• System Vulnerability:- Expired firewalls and software opens the gateway to crack the security of the system leading to the convenient theft for the hackers.
• Malware attack:- Malware attacks using spam and phishing misleads user and redirect them to malicious websites resulting into exploitation of software and hardware security.
• Phishing:- Attacks that targets the act of surrendering the credentials.
• Brute Force Attack:- Repeated attempts to guess the correct passwords.

Here’s a list of popular data breach methods that are performed worldwide by hackers:-

• Cyber espionage
• Denial of service
• Privilege misuse
• Payment card skimmers
• Lost and stolen assets
• Web applications

How to prevent:-

1. Update firewall and software regularly.
2. Conduction of vulnerability and PEN testing on regular basis.
3. End to end encryption on the local onsite network.
4. Use of strong antivirus and its regular updating.
5. Enforcement of strong credentials and two factor authentication.
6. All devices using business grade VPN services.
7. Strictly following and promoting the security policies to the employees.
8. Frequent updating and creating awareness to the staff and to the localities.
9. Enforcing the Principle of least privilege (POLP) to the employees using the least possible permission and rights to undertake their work.
10.  Executing the incident response plan(IRP) to be implemented in case of sudden or planned data breach. The IRP must include the processes of identification, controlling and quantifying the security incident.