It’d be churlish to call most UK businesses complacent, but statistics suggest that a large proportion still aren’t taking the required steps to keep themselves and their customers protected.
Less than one third of UK businesses and charities admit to having undertaken a cyber risk assessment in the last 12 months, despite just as many suffering breaches or attacks in that same time frame*.
For many, the word ‘breach’ has some dramatic connotations – the idea that data has been entered into and snatched away by some seriously shady cyber-criminal, for example – but the concept of data breaches covers a wealth of causes and instances, some of which might seem innocuous.
Hacking, phishing, ransomware, malware… we’ve covered them plenty of times in the past, but they’re still the menacing poster child for data breaches everywhere. They remain a major concern – not least with such high-profile cases as the attack on The Police Federation of England and Wales – but it’s easy to forget the other forms of breach when this one is so frequently sensationalised.
Whether human error or an act of sabotage, employees are one of the most common reasons that data breaches occur. Whilst this can often be off the back of cyber-crime – falling for such tactics as phishing or malicious downloads – don’t overlook the myriad opportunities for employees to make a simple, honest mistake.
Unlike internal threats, this is a relatively rare occurrence – but like internal threats, it can occur either accidentally or maliciously. In less savoury circumstances, data alteration could occur when an employee wishes to amend information for their own intentions, or simply to sabotage their company’s records. Otherwise, data alteration could be an honest mistake – a simple instance of entering the wrong details that nonetheless has far-reaching consequences.
Even if a business keeps copies of its data over multiple sources, none are truly immune to breaches. That goes double for anything kept on physical storage. Removable hard drives, USB sticks or other forms of transferring data physically can easily be misplaced, lost or indeed stolen, should the temptation or opportunity present itself. Whilst we wouldn’t rule out physical storage altogether, it’s rarely a good idea to rely on it alone for your most sensitive company data.
A prominent and controversial breach by one so-called hacktivist named ‘Weev’ occurred in 2010, when he discovered and disclosed 114,000 AT&T customer details on the internet. AT&T had stored this information in an insecure, near-public location that anybody with enough sleuthing skills could access – meaning that no hacking at all was involved. Whatever the technicalities, the availability of this information constituted a serious and rather embarrassing breach of customer details for AT&T.
Destruction can happen on both software and hardware levels. On a software level, data is just as vulnerable to accidental deletion as it always has been, and remains susceptible to data corruption or, once again, human error. On a hardware level, data destruction can occur when the hardware that houses data is irreparably damaged by hardware failure, accidental damage, or natural disasters such as fires or floods.
It’s not always a catastrophe, but sometimes even the smallest hiccup can still be considered a data breach; an unlocked computer displaying personal information is technically breached the moment an unauthorised person takes a quick glance over the user’s shoulder. Sometimes, the cause can be something a little more serious, like when an admin grants high-level data clearance to a user who shouldn’t have those permissions. Granted, these instances will rarely need reporting to the ICO, but as the number of instances rises, so too can the severity of these breaches.
As you can see, it isn’t just hacks or intrusions that count as a data breach, but anything that compromises your data or takes away your access to it.
Similarly, it’s not just your firewalls or security software that protect you from breaches. Staff phishing and cybersecurity training, and a dedicated Data Backup and Disaster Recovery Plan, give your business continuity – even after the worst has happened.
We’re looking forward to sharing more of Laura's unique and discerning insights into IT, IoT and Security.
*Department for Digital, Culture, Media & Sport Cyber Security Breaches Survey 2019