Any unauthorized access to a computer network, computer data, devices, or applications is considered a security breach. Typically, a security breach happens when an intruder is able to hack the system or bypass security mechanisms.
There are different types of security breaches depending on how the intruder was able to gain access. The intruder can use social engineering, in which they pose as an employee to contact the company’s IT staff and ask to have login credentials resent or reset. Hackers can also use drive-by downloads delivered to an employee through emails or website links. Malware attacks, ransomware attacks, exploitation of system vulnerabilities, and cracking weak passwords are some common ways for intruders to infiltrate the system.
According to a report by IBM in 2021, the annual cost of a security breach is $4.24 million, rising 10% from last year. The analysis by IBM takes into account several cost factors including employee productivity, customer turnover, technical activities, regulation, legal, loss of brand equity, and other factors. The scope of the report by IBM included 537 security breaches in over 17 countries. The data was gathered by conducting 3500 interviews.
In the above-mentioned Equifax breach, bizjournals.com reported in February 2020 that the data leak cost the company $1.13 billion in the previous year alone.
As intruders keep finding new ways and tools for security breaches, businesses need to continuously improve their security measures to protect their systems from intruders. Some good habits that can be used by businesses to minimize vulnerability to security breaches include using strong passwords, closing dormant accounts, backing up files, using reputable anti-virus software, implementing solid micro-segmentation strategies based on zero trust, and regularly training employees on best practices to keep their devices protected from intrusion.
A security incident is different from a security breach. A security incident could be an employee losing his work laptop, a malware infection, a distributed denial-of-service (DDoS) attack, or other incidents that do not result in loss of data or access to a secured network. In a security breach, there is confirmed disclosure (within the company’s infosec team at least) that the breach took place, not just potential exposure of data to an unauthorized party.