The term “data breach” has dominated the tech world the last 24 months. From breaches that have impacted critical infrastructure like the Colonial Pipeline to hackers compromising healthcare records at UC San Diego Health, headlines of cybersecurity mishaps saturated news in the last two years. Yet, despite the prevalence of the breach-centric news cycle, many everyday individuals may not know what exactly a data breach is, how they typically start, and why they occur.
According to IBM, the average time it takes to identify a breach is 287 days with the average time to contain a breach equal to 80 days. With 81% of businesses experiencing a cyberattack during COVID, it is essential that individuals are familiar with the anatomy of a data breach so they can keep their data, colleague data, and customer data safe.
What is a data breach?
According to Trend Micro, a data breach is “an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner.” While data breaches can result from system or human error, a vast majority of data breaches are the result cybercriminals gaining unlawful access to sensitive system data. In fact, 92% of the data breaches in Q1 2022 were the result of cyberattacks.
What kind of data can be breached?
Unfortunately, cybercriminals will take any information ranging from sensitive information, such as social security numbers and credit card information, to obscure data like purchase history.
What are some of the tactics used to execute data breaches?
Cybercrime is getting more sophisticated each day. However, cyberattack tactics do not have to be cutting-edge or advanced to be effective. Here are a few examples of popular tactics used by cybercriminals:
- Phishing: when a cybercriminal pretends to be a legitimate party in hopes of tricking an individual into giving them access to personal information. Phishing is one of the oldest tricks in the book for cybercriminals, but it is as effective as ever. For example, 80% of security incidents and 90% data breaches stem from phishing attempts.
- Malware: malicious software that secretly installs itself on devices – often from engaging with fake links and content – and gains access to an individual’s device or business network.
- Password Attack: Through password attacks, cybercriminals look to expose user passwords and use the credentials to extract data from a given network.
How to spot a possible breach?
The best way to stop a data breach is preemptively. In short, it helps to use long and complex passwords and to report suspicious emails. If you suspect that you have been the victim of a breach, then immediately contact the Information Security Office immediately at infosec@wustl.edu. We are here to help.
Cybersecurity Awareness Month Test Your Knowledge Competition
We invite you to show us what you know by entering our Test Your Knowledge: Cybersecurity Awareness Month edition.
Complete this activity to test what you know and receive an entry for a Bear Bucks award.
- Grand Prize: $1,000 BearBucks credit
- First Runner Up: $500 BearBucks credit
- Second Runner Up: $300 BearBucks credit
- Third Runner Up: $200 BearBucks credit
Head over to our competition page for more instructions about getting entered to win.