October 04, 2022 | Cyber Security

The Anatomy of a Data Breach: What are They and What to do When You Spot One?


Arguably no phrase has dominated the tech world over the last 24 months more than the term “data breach.” From breaches that have impacted critical infrastructure like the Colonial Pipeline to ransomware attacks on CMA and CGM, the last two years have been saturated with headlines about cybersecurity mishaps. Yet, despite the prevalence of the breach-centric news cycle, many people may not know what exactly data breaches are, how they typically start, and why they occur.

According to IBM, the average time it takes to identify that a breach has occurred is 287 days, with the average time to contain a breach clocking in at an additional 80 days. And with 81% of businesses experiencing a cyberattack during COVID, it is essential that individuals are familiar with the anatomy of a data breach so that they can keep their data, as well as their colleagues’ and customers’ data, safe.

What is a data breach?

While it may seem like a complex concept, once the jargon is removed, a data breach is actually straightforward to explain. According to Trend Micro, a data breach is “an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner.” And while data breaches can be the result of a system error or human error, the vast majority of data breaches are the result of cyberattacks, where a cybercriminal gains unlawful access to sensitive system data. 92% of the data breaches in Q1 2022 were the result of cyberattacks.

What kind of data can be breached?

Cyber criminals look to get their hands on any information that they possibly can, ranging from obviously sensitive information such as social security numbers and credit card information to more obscure data like past purchase history.

What are some of the tactics used to execute data breaches?

Cybercrime is getting more sophisticated each day. However, cyberattack tactics do not have to be cutting-edge or advanced in order to be very effective. Here are a few examples of popular tactics used by cybercriminals:

  • Phishing: Phishing is when a cybercriminal pretends to be a legitimate party in hopes of tricking an individual into giving them access to personal information. Phishing is one of the oldest tricks in the book for cybercriminals, but it is just as effective as ever. To date, 80% of security incidents and 90% of data breaches stem from phishing attempts.
  • Malware: Another tried-and-true method for cybercriminals is malware. Malware is malicious software that secretly installs itself on devices – often by way of a user engaging with fake links and content. The malware quietly gains access to the data on an individual’s device or a business network and makes that data available to the cybercriminal.
  • Password Attack: In a password attack, cybercriminals try to gain access to sensitive data and networks by “cracking” user passwords, then use those credentials to get into a network and extract data from it.

How to avoid or respond to a possible breach?

The best way to stop a data breach is to stop it before it even starts. This includes steps ranging from making sure passwords are long and complex to reporting suspicious emails. If you do suspect that you have been the victim of a breach, immediately contact your IT department or device provider to notify them, and follow subsequent protocols to help them scan, detect, and remediate any issues that exist.

A breach coach can help you manage the incident from notification compliance to client and vendor communications and crisis management support.

 

Source: National Cybersecurity Alliance 

Cybersecurity Awareness Month is co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Security Agency (CISA). For more information about ways to keep you, your family and your business safe online, visit https://staysafeonline.org/cybersecurity-awareness-month/ and https://www.cisa.gov/cybersecurity-awareness-month

Disclaimer: This information is provided as a public service and for discussion of the subject in general. It is not to be construed as legal advice. Readers are urged to seek professional guidance from appropriate parties on all matters mentioned herein.

 
