Anatomy of a Data Breach, Part 2: Data Theft

Andrew Craver

11/14/2022

A busy accountant and mother of two young children who lives on a tight budget is shocked to discover a $1,700 charge on her credit card billing statement for an HD 43-inch outdoor Smart TV she knows she never purchased. Soon after, she learns from a national news story of a sizeable data breach that was reported by her healthcare provider.

It soon becomes clear that some of the accountant’s own personally identifiable information (PII), obtained from her provider’s client database, has found its way onto the Dark Web and is being used to commit fraud. Data she believed secure has proved to be anything but. Her shock and frustration turn to anger at the provider she thought she could trust.

In our previous post in this Anatomy of a Data Breach series, we examined the continuing problem of ransomware. In this post, we look at data theft, another type of data breach which impacts many kinds of enterprises, as well as people who trust them.

The growing phenomenon of data theft

Data theft comes in many forms, but has been summed up like this: “Data theft occurs when any data that was not intended to be shared is obtained, normally in a malicious or illegal way.” While ransomware remains the most common type of data breach, where the targeted data is encrypted and held hostage for a price, data theft as a separate and distinct activity has been an issue for at least as long, emerging in recent years as a particularly widespread and dangerous cybercrime.

With data theft, the information itself is the target, and the more sensitive the better. Unlike ransomware, in which the criminal alerts the victim to the crime in order to turn a profit, data theft is undertaken entirely in the shadows. Whether enabled by internal breaches or insufficient security, data theft can potentially continue indefinitely without the victim ever knowing about it. According to a 2021 IBM study, “…organizations take 187 days on average to detect a data breach, during which time the damage will escalate.”

Some industry sectors have seen recent sharp increases in data theft. For example, nearly 50 million Americans had sensitive health data breached in 2021 alone, according to U.S. Department of Health and Human Services data, a threefold increase in three years. While credit card information stored by retailers is an obvious target, the hospitality industry and higher education also report a serious and growing trend in data theft attacks.

How data theft happens

Data theft can take many specific forms. In addition to PII theft, it includes stealing sensitive psychiatric records, exposing police informants and undercover agents, and pilfering confidential employment records. Cyberattackers, who range from individual “black-hat” hackers to organized crime to overseas operators, seek to monetize exfiltrated data on the Dark Web or within their own circles.

The market for purloined personal data is vast and incorporates a number of widely recognized cybercriminal rings as well as those who traffic with them. Damage from data theft can extend from the purely financial to the deeply personal, even potentially lethal. For businesses, one sometimes-irrecoverable impact is a loss of trust from their customers and employees, as in the case of the accountant faced with the fraudulent credit-card charge.

Companies that maintain and develop a robust PII database often become lax about monitoring the networks on which that database sits as they expand. This often creates new system vulnerabilities that in turn open additional avenues for infiltration without detection or prevention. Think of outdated system security tools that have not been replaced, or former employees who still have backdoor access to the platform.

How to protect against data theft

When it comes to preventing data theft, no enterprise can be too proactive. Deploying a system that automatically encrypts all PII, including Social Security numbers, addresses, birthdates, etc., is critical. Also vital is maintaining awareness of the risks and vulnerabilities associated with legacy hardware and systems, even (especially) system features you no longer use or may not even be aware of.

Comprehensive security solutions enabled by platforms such as Managed Network Edge provide enterprise-wide visibility that detects attempts to compromise your data and monitors traffic within the enterprise to prevent exfiltration. Also worth considering are secure cloud services like Cloud Connect that put the protection of critical application data at the center of broader, enterprise-level cloud integration and optimization.

You should establish protocols that prompt regular updates to passwords and other elements of your security network vulnerable to social engineering. Train employees to identify and avoid phish-y emails while approaching external interactions with caution. And be aware of who is using your system at all times, ensuring that they are properly authorized.

In the words of cybersecurity systems provider Fortinet: “It is important to remember that any organization’s cybersecurity strategy is only as strong as its weakest link. It is therefore vital for all employees to follow cybersecurity best practices and not take any actions that put them or their organization at risk of a data breach.”

How will data theft evolve?

Unfortunately, data theft promises to become ever more widespread as the value and criticality of data continue to increase in an information-centric society.

As more enterprises are victimized by data theft, an overarching moral to this story is that no one is safe. In fact, smaller businesses are increasingly being targeted along with larger ones, as they are seen as less focused on security. Protecting PII is critical to every enterprise’s short- and long-term success.

The accountant in the above example can be expected to look for another healthcare provider, one with a better reputation for preventing data theft. Her provider thus becomes a victim of both the initial theft and a subsequent loss of business. Taking vigorous action to prevent repeated data theft is one positive outcome, if undeniably less positive than taking steps to avoid the problem in the first place.

Cyber protection requires not only a defense-first mentality but a defensive-minded partner who can offer an active, consultative and experienced perspective on the many data-theft pitfalls that stand in the way of an enterprise’s growth. Learn how to secure your business from data theft and other cybercrime threats with Spectrum Enterprise managed solutions.

Andrew Craver

Andrew Craver serves as Vice President of Segment Marketing and is responsible for Go-to-Market planning across enterprise client segments. He has 20+ years of telecommunications experience leading Marketing, Sales Operations, Product Management, Pricing and Offer Management and Strategy/Planning functions.