Article 4 of the General Data Protection Regulation (“GDPR”) gives the following definition of ‘personal data breach’: “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.” In other words, a data breach materializes whenever restricted, secured data is accessed or disclosed without authorization.
It is important to familiarize yourself and your employees with the major types of data breaches in order to protect your organization and to maintain the confidentiality, integrity and availability of your data, known as the CIA Triad. The Triad ensures that data remains confidential by protecting it from unauthorized access, that the data is accurate and reliable by maintaining its integrity, and that the data is available to authorized users when they need it. Here are some examples of the major types of data breaches and how each relates to the CIA Triad.
Cyber-attacks are orchestrated by individuals or organizations attempting to maliciously and deliberately breach and disrupt another individual’s or organization’s information system. They can include malware, phishing, SQL injection, DNS tunneling, zero-day exploits, brute-force password cracking and social engineering. A cyber-attack undoubtedly affects the confidentiality of your data. It can also affect the integrity of your data if the cybercriminal manipulates it in a concealed manner.
Data breaches do not only occur with electronic data; they can also occur through the theft of physical documents or of devices that carry sensitive information. Accordingly, steps should be taken to securely dispose of laptops, computers, USB keys and so on. Members of your organization should always be attentive to where they leave their mobiles or other devices unattended and should implement adequate security. A breach by physical theft can affect the confidentiality and the availability of your data.
Data breaches can also involve an insider threat, meaning that an individual inside your organization releases data to another person, either deliberately or unknowingly. In most cases, people who leak personal information do so in the hope of making money from it. A breach of this nature will affect the confidentiality and the availability of the data you possess.
Ransomware attacks generally arrive unexpectedly through a message sent on a social media platform, an email or a harmful website. Ransomware is used by hackers to take an end-user’s data hostage, encrypting the information and restricting access to or legibility of it, in order to extort funds. Studies suggest that ransom payments are often unsuccessful and that individuals and organizations should steer clear of paying; however, in some cases refusing to pay could cost a business more when it chooses to recover on its own. Ransom demands can vary tremendously, from low to very high amounts. Nonetheless, there are valid reasons to refrain from paying: 1) there is no guarantee of recovery, 2) you will be rewarding this behaviour and encouraging others to carry out the same acts, and 3) you will be funding criminal organizations. If you do not want to be under the gun for a ransomware payout, back up your data properly, acquire the most suitable anti-ransomware security tools, restrict admin rights and, above all, train every member of your organization. An attack of this kind will affect the availability of your data.
We all make mistakes, whether we intend to or not; at times it is out of our control. These mistakes can happen for several reasons, such as negligence, preoccupation, or a lack of determination, concentration or resources. Regardless, you can always improve and save face by taking sensible actions and decisions. A human error, depending on its kind, could affect the entire CIA Triad.
As an organization, your main goal should be to maintain confidentiality, integrity and availability of the data that you control and/or process. To learn more about how to implement and maintain an effective CIA triad, contact Demkor at [email protected] or visit our website at www.demkor.com.