Skip to main content

Impacts of Cybersecurity Breaches

When Cybersecurity falls short, breaches happen. Learn about the consequences of breaches for organizations which fall victim to them.

What we’ll be learning

In this article, we’ll be looking at the potential impacts of data breaches. These impacts can range from ongoing cybersecurity concerns to reputational damage for the organization which suffered the breach. We’ll also be discussing how data breaches relate to other cybersecurity concepts such as Incident Response and the CIA Triad.

security-not-an-add-on

Breaches, exfiltration, and data loss

The terms Data Breach, Data Exfiltration, and Data Loss sound similar and are often used interchangeably outside of Cybersecurity. Within Cybersecurity, there are some important distinctions between the three terms:

  • A Data Breach refers to any unauthorized access to data, intentionally or accidentally.
  • Data Exfiltration refers to the intentional and unauthorized transfer of data to an external source.
  • Data Loss is when data becomes unavailable, either temporarily or permanently.

Data exfiltration can be considered a type of data breach. Data loss can sometimes result from breaches, but it can also occur on its own for other reasons.

Using terms from the CIA triad, data breaches and exfiltration are violations of confidentiality, while data loss is a violation of availability.

The damage data breaches cause

Data breaches don’t just have consequences for the breached organization: They can have severe consequences for the individuals whose data was leaked. Someone whose data is leaked can become a victim of identity theft, fraud, account takeovers, and more.

As an organization, suffering any type of data breach is a bad look. Even minor breaches can erode the organization’s reputation and trust among clients and incur financial penalties from regulatory bodies. More severe breaches can result in larger reputational and financial loss, and organizations that mishandle incident response following a breach can make this damage worse.

Case Study: RockYou

RockYou was a company that developed applications for social networks such as Facebook and Myspace. In 2009, RockYou had a breach in which the plaintext passwords of 32 million user accounts were stolen. While the company no longer exists, their legacy lives on in the form of rockyou.txt, a text file containing the passwords stolen in the breach. That text file is still widely used for dictionary attacks.

average-cost-of-a-data-breach

In a worst-case scenario, a breach can completely destroy an organization, either by damaging its reputation beyond repair or by destroying critical assets the business requires to function.

Prevention and response

If data breaches are so bad, then how do we prevent them? It’s a reasonable question, but one without a simple answer. Even if an organization does everything right, it’s still possible for them to suffer a data breach if previously-unknown vulnerabilities are exploited. Fortunately, most data breaches are preventable and make use of known vulnerabilities.

Security professionals need to take a holistic approach to security in order to prevent incidents as well as be ready to perform incident response when incidents do occur. By learning from the incidents that occur, we can more effectively protect against future incidents.

Conclusion

Failing to properly secure data assets can lead to loss of confidentiality, integrity, and availability for that data. In turn, this can lead to serious consequences for both the breached organization and for the individuals whose data was compromised.

While we can do everything in our power to prevent these breaches, there’s no universal way to prevent them. Organizations need to employ security professionals to protect against breaches as best they can, and respond promptly, effectively, and ethically when breaches do occur.