A security breach is any incident that results in unauthorized access to computer data, applications, networks or devices. It results in information being accessed without authorization. Typically, it occurs when an intruder is able to bypass security mechanisms.
Technically, there's a distinction between a security breach and a data breach. A security breach is effectively a break-in, whereas a data breach is defined as the cybercriminal getting away with information. Imagine a burglar; the security breach is when he climbs through the window, and the data breach is when he grabs your pocketbook or laptop and takes it away.
Confidential information has immense value. It's often sold on the dark web; for example, names and credit card numbers can be bought, and then used for the purposes of identity theft or fraud. It's not surprising that security breaches can cost companies huge amounts of money. On average, the bill is nearly $4m for major corporations.
It's also important to distinguish the security breach definition from the definition of a security incident. An incident might involve a malware infection, DDOS attack or an employee leaving a laptop in a taxi, but if they don't result in access to the network or loss of data, they would not count as a security breach.
When a major organization has a security breach, it always hits the headlines. Security breach examples include the following:
A decade or so ago, many companies tried to keep news of security breaches secret in order not to destroy consumer confidence. However, this is becoming increasingly rare. In the EU, the GDPR (General Data Protection Regulations) require companies to notify the relevant authorities of a breach and any individuals whose personal data might be at risk. By January 2020, GDPR had been in effect for just 18 months, and already, over 160,000 separate data breach notifications had been made - over 250 a day.
There are a number of types of security breaches depending on how access has been gained to the system:
In the security breach examples we mentioned above, a number of different techniques were used to gain access to networks — Yahoo suffered a phishing attack, while Facebook was hacked by an exploit.
Though we've been talking about security breaches as they affect major organizations, the same security breaches apply to individuals' computers and other devices. You're probably less likely to be hacked using an exploit, but many computer users have been affected by malware, whether downloaded as part of a software package or introduced to the computer via a phishing attack. Weak passwords and use of public Wi-Fi networks can lead to internet communications being compromised.
As a customer of a major company, if you learn that it has had a security breach, or if you find out that your own computer has been compromised, then you need to act quickly to ensure your safety. Remember that a security breach on one account could mean that other accounts are also at risk, especially if they share passwords or if you regularly make transactions between them.
Although no one is immune to a data breach, good computer security habits can make you less vulnerable and can help you survive a breach with less disruption. These tips should help you prevent hackers breaching your personal security on your computers and other devices.
You'd never dream of leaving your house door open all day for anyone to walk in. Think of your computer the same way. Keep your network access and your personal data tightly secured, and don't leave any windows or doors open for a hacker to get through.