A data breach is a cyber-attack in which sensitive, confidential, or otherwise protected data is improperly accessed and disclosed.
Because many people are unaware of how common modern security threats operate, they do not pay enough attention to them.
Data breaches can lead to lost business, stiff fines, and expensive settlements.
A breach can take several forms.
Accidental Web/Internet Exposure occurs when sensitive data or application credentials are inadvertently stored in a location accessible via the internet or on a public repository such as GitHub.
Unauthorized Access occurs when malicious actors exploit authentication and authorization control system flaws to access IT systems and sensitive data.
Data on the Move refers to incidents where perpetrators gain Access to sensitive data transmitted in the clear via HTTP or other insecure protocols.
Employee Error/Negligence/Inadequate Disposal/Loss occurs when bad actors take advantage of weak or unenforced corporate security systems and practices or gain Access to misplaced or improperly decommissioned devices.
An external attacker steals confidential data through phishing, malware, ransomware, skimming, or other exploits.
Insider Theft occurs when a current or former employee or contractor gains unauthorized Access to confidential data.
Data extraction from stolen laptops, smartphones, or tablets is an example of physical theft.
No single security tool or control can completely prevent data breaches.