What You Should Know About Data Breach
1. Causes of data breach
There are various causes of data
breach, and the following are some of the common causes.
a. Network attacks:
Network attacks are one of the most common causes of data breach. Hackers exploit
network vulnerabilities to break into an organization's servers or data storage
devices and steal sensitive information.
b. Internal threats: Misconduct of
employees or partners within the organization is also one of the causes of data
breach. Employees may steal, leak, or misuse the organization's sensitive
information for personal reasons, work-related reasons, or malicious acts.
c.
Third-party vendors: The organization's third-party vendors may also cause the
organization's data to be compromised due to their own security breach or
misconduct.
d. Human error: Data leakage may also occur due to employee
negligence or improper operation, such as sending sensitive information to the wrong
recipient, loss of unencrypted storage devices, etc.
e. Physical security
issues: such as the loss or theft of unencrypted mobile storage devices, or
unprotected data backups.
f. Software vulnerabilities: Vulnerabilities in
the software used by the organization that can be exploited by hackers to conduct
attacks and gain access to sensitive information about the organization.
g.
Social engineering attacks: Social engineering techniques are used to gain access to
sensitive information of the organization through deception and other means.
2. Types of data breach
The types of data
breach include but are not limited to the following.
a. Personally
identifiable information: including name, address, phone number, email address, date
of birth, social security number, driver's license number, passport number, etc.
b. Financial information: including credit card numbers, bank account
information, payment card numbers, financial statements, etc.
c. Health
information: including medical records, health insurance information, drug
prescription information, disease diagnosis, etc.
d. Trade secrets:
including customer lists, sales data, marketing plans, R&D projects, product plans,
etc.
e. Government secrets: including national security information,
military secrets, intelligence information, etc.
f. Educational information:
including student records, grades, faculty and staff information, etc.
g.
Social information: including social media account information, chat logs, social
network activities, etc.
h. Other sensitive information: including private
information of individuals or organizations, emails, passwords, ID numbers,
fingerprints, facial recognition data, etc.
These data types involve
sensitive information such as personal privacy, trade secrets, and government
secrets, so data leakage can have serious impacts on individuals, organizations, and
society. These sensitive data need to be protected to avoid data breach.
3. Impact of data breach
Data breach can have a wide
range of impacts on individuals, organizations, society and the economy, including
but not limited to the following:
a. Personal privacy is violated.
Leaked
data may contain sensitive information such as personally identifiable information,
personal communication information, financial information, and health information.
When this information is compromised, individuals' privacy is violated and they may
face identity theft, fraud, spam, nuisance calls, and other problems.
b.
Organizational reputation is damaged.
If the organization's sensitive
information such as customer data, employee data, and trade secrets are leaked, this
can damage the organization's reputation, leading to loss of trust by customers,
loss of morale by employees, and even legal action.
c. Economic Losses.
A
data breach can lead to direct financial losses. For example, the organization may
have to pay compensation, legal fees, etc., and may also face a reduction in revenue
due to loss of customers. In addition, data breach can lead to trade secret
disclosure, intellectual property infringement, and other issues.
d. Threat
to national security.
Data breach may pose a threat to national security.
For example, the leakage of state secrets, military secrets, anti-terrorism
intelligence, etc. may lead to national security issues.
e. Social stability
is threatened.
In case of large-scale data leakage, it may trigger social
panic and lead to threats to social stability.
In summary, data leakage can
have different degrees of impact on individuals, organizations, society and economy,
so data protection is crucial.
4. Overall data breach
posture in 2022
a. Background
With the advent of the
digital age, data security has become a common challenge across the globe. Despite
the many security measures in place, data breach still occur from time to time, and
in 2022, various data breach will continue to occur globally.
b. Data Breach
Overview
A data breach is the process by which data is accessed, obtained or
made public by an external or internal person or system without authorization or
permission. Data breach are usually caused by security breaches, technical errors or
human errors.
c. Overall Data Breach Situation
There were 4,145
publicly disclosed data breach worldwide in 2022; the average global loss from a
data breach has reached $4.35 million; and nearly 68 records are compromised every
second.
According to verizon's 2022 report, 36 percent of data breach
involved phishing, and other common data breach vectors included cloud configuration
errors at 15 percent and third-party software vulnerabilities at 13 percent.
The industry that suffered the most data breach was healthcare, up 38
percent year-over-year. The financial sector was next, with the industrial services
and legal sectors also seeing a gradual increase in the percentage of breach, with
the legal sector among the top 10 data breach. Nonprofit, education, insurance and
construction have declined, and the insurance industry has seen far fewer breach
than other industries, accounting for only 2% of cases.
The change in data
breach suffered by each industry in 2022 compared to 2021 is shown in the chart
below.
