Preventing Cyber Breaches


Cyber breach or data breach

A data breach is an incident in which information is stolen or taken from a system without the authorization or knowledge of the system's owner. Both small and large organizations may suffer a data breach. The breached or stolen data may include sensitive information, confidential data, credit card numbers, trade secrets, customer data, etc.

Most cyber breaches are attributed to malware attacks or hacking. A familiar example of a data breach is an attacker stealing a corporate website's information from its database. However, not all cyber breaches are dramatic. A breach can also occur when a user has weak passwords and missing software patches (Matteson, 2017). When users connect to a rogue wireless network, their login details and other sensitive information can be captured, which leads to unauthorized exposure.

While data breaches are caused by cyber criminals and hackers, there are also incidents in which government agencies and organizations inadvertently expose credential data or sensitive information on the internet. Attackers adopt a number of methods to conduct a cyber breach, such as loss or theft, credit card or payment card fraud, insider leak, and unintended disclosure. The following are a number of cyber breach methods observed across industries:

Steps to deal with cyber breach

  1. Freeze everything: after the cyber breach, take the affected devices offline, but do not make any changes to them or even shut them down. This stops ongoing activity by limiting communication between the impacted systems.
  2. Ensure that auditing and logging are ongoing: keeping the auditing of existing systems intact and operational is one of the most important and useful steps, because it allows the scope of the cyber breach to be determined. If auditing is disabled, restore it before proceeding further. It also helps establish whether the breach is ongoing.
  3. Change passwords or lock the credentials: locking credentials and changing passwords is a common tactic when investigating a cyber breach. This step may be applied to all of the accounts involved, whether suspected or confirmed.
  4. Communicate the details to the appropriate internal personnel: a number of communication and notification processes can be involved after a cyber breach occurs.

Reported data breaches

The following are reported data breaches from 2008 to 2016 (Breach, 2018):

Number of records stolen

Between 2013 and 2014, Email service provider
May 2016, Social media website
Social media website
Between 2007 and February 2013, Credit bureau
Heartland Payment Systems, March 2008, Credit and debit processor
17 February 2012, Internet portal and email service provider
TJX Companies, December 2006

Targets of cyber breach/ data breach

Business data becomes a target for a cyber breach only when it is of value to a third party. Different types of data are valuable to third parties and represent levels of risk to the business. Personally identifiable information includes data such as social security numbers, birth dates, education, contact information, and other personal information. Financial information includes charge card numbers, bank accounts, expiry dates, or investment details. Health information can also be targeted by cyber criminals; it can include details of health conditions, medical records, treatments, and prescription drugs. Along with this, a cyber breach may involve intellectual property, which can include product manuals and drawings, specifications, marketing texts, symbols, scientific formulas, etc. Other data targeted in cyber breaches includes legal information, IT security data, or competition information.