A data breach is the unintentional disclosure of information, also described as data leakage or data spilling. It includes the theft or loss of digital media, such as computer tapes, on which the information is stored unencrypted, as well as the posting of information on the WWW. The focus is also on handling the transfer of information to a system which is accredited for security at the approved level. The notion further covers the transfer of information to the information system of a hostile agency, such as a competing corporation, where it is also exposed to intensive decryption techniques (Ablon et al., 2016). There is a need to focus on the status of legislation in the US and other developed countries such as England, Germany, France and Australia.
Causes for data breaches
As per the analysis, it is important to understand the reasons for data breaches, which include miscellaneous errors, insider and privilege misuse, and physical theft and loss. Other data breaches are mainly due to denial of service, crimeware, web-app attacks, point-of-sale intrusions and payment card skimmers. Weak and stolen credentials, application vulnerabilities and social engineering also allow hackers to exploit the data (Green, 2017). Weak and stolen credentials have been seen to be the major issue for the vulnerability of the system. They affect not only the application setting or the network protocol but the function setting as well. Back doors and application vulnerabilities mainly depend upon accounting, where the issues include brute-force methods and SQL injection methods. Certain malicious or criminal attacks are carried out mainly for finance, for espionage, or for fun. Human error is a major cause of data breaches and needs to be handled so that they can be prevented as soon as possible. There are failures to apply system patches, and employees tend to leave their laptops unlocked, so that they are easily stolen. System glitches are also a major issue which needs to be taken care of, including application failure, logical errors in the transfer of data and inadvertent data dumps. Companies also work with indirect costs, where standards are set for handling the investment in security and keeping the cost under control.
Malicious intent, system glitches and human error are found behind the well-planned breaches which hackers target and work upon. Phishing, scams, hacking, fraud and cybercrime are some of the issues in the data systems which are implemented. E-commerce trading operations undergo simulated targeted-attack response testing, where there are issues related to intentional tampering by disgruntled employees. Some people tend to share their passwords, and other people misuse them. ISO 27001 is one of the best-practice frameworks; it defines an information security management framework for handling security breaches accurately.
Steps the businesses could adopt that would minimize the impact of data breaches
For the proper handling of data, there is a need to take an inventory of the different types and quantities of files. This includes handling the data properly and safeguarding the information, which involves updating procedures and educating and training employees. Controlling computer usage and securing the computers will help in keeping the software secure and up to date. There are also different procedures, which include working on system processes with reduced data transfer and on the protection of information (Braunstein, 2016). An annual privacy and security risk assessment is completed, based on identifying the legal and regulatory requirements. The gaps are analysed to provide a comprehensive view of how the different types of data are disclosed, taking into account the applicable regulations and the potential level of harm to the affected individuals. Organisations are working on reduced legal and reputational standards, where the financial liabilities are set for the assessment of a privacy incident and the development of a proper response to the data breach as well. Another kind of breach is the breach of email files, which involves protected health information in email sent to the team members of a healthcare organisation. Hence, the development of a breach response team and process is important for properly monitoring and handling the protection products as well. This will help in updating the policies and procedures in line with changing technologies and law.
According to the German Data Protection Act, there are different kinds of data processing in the public and private sectors, including electronic information and communication services for the transmission of electronic goals. It is important for Germany or any other country that the use of personal data is prohibited until there is a law which permits it and which works on informed consent as well. The law mainly targets data minimisation and safeguarding against the transmission of personal data to third parties. The deviation is mainly to adhere to the pre-existing terminology and concepts, with a focus on security requirements and on access to personal information and objects. Organisations need to work on the data and on restricting downloads, which otherwise serve the hackers; hackers should be prevented from downloading the data, for example through firewall settings. Proper consent and transparency towards the provider will help in protecting against the breach of data.
Three major data breaches during the last five years (2012 to 2017)
- Equifax in 2017: An attack on one of the largest credit agencies in the US, which affected consumers. Sensitive data was stolen, including SSN numbers and driver licence numbers. The hackers were able to gain access to the company system by exploiting a weak point in the website software. The company sought assistance from outside forensics firms; the compromised data included full names, addresses and other personal information (Kashmiri et al., 2016). It is important to deal with this by checking credit reports, considering placing a credit freeze on the files, and closely monitoring existing credit cards and bank accounts.
- SVR Tracking: An attack on an auto-dealership service with the ability to locate and recover vehicles. It allowed customer records to be leaked online. There are issues about the notification of SVR Tracking and the securing of the data within 3 hours. The availability of the data online had not been known. The data included email addresses, passwords and plate numbers, with the ability to check the location of a single vehicle. The breach has been dealt with through proper analysis and monitoring of the fraud alert details on the files and the identification of theft victims (Mikhed et al., 2017).
- Verizon in 2017: Subscribers were mainly affected by the breach of data where customer services had been contacted in the last few months (Solove et al., 2016). The records were held on a server controlled by the Israel-based Nice Systems. The breach mainly involves security firms, where the information is about the data exposure and the securing of the breached data. The actual data came from the log files generated when customers contact the company. For the proper handling of the data, there is a need to measure the loss of the encrypted network connection, along with the dates of the secured standard related to handling SSN numbers as well (Ogbanufe et al., 2016).
The breach of data has been a major issue, where the loss of corporate information and the resulting damage lead to the destruction of assets. In most cases, the data breach is mitigated by providing the victims with a subscription to a credit reporting agency, new credit cards, etc. (Simon et al., 2016). There are different industry guidelines and government compliance regulations which are important for the strict governance of sensitive or personal data, in order to avoid breaches and to handle the Data Security Standards in the corporate environment.
Ablon, L., Heaton, P., Lavery, D., & Romanosky, S. (2016). Data Theft Victims, and Their Response to Breach Notifications.
Braunstein, A. (2016). Standing Up For Their Data: Recognizing the True Nature of Injuries in Data Breach Claims to Afford Plaintiffs Article III Standing. Journal of Law and Policy, 24(1), 3.
Green, N. (2017). Standing in the Future: The Case for a Substantial Risk Theory of Injury in Fact in Consumer Data Breach Class Actions. BCL Rev., 58, 287.
Kashmiri, S., Nicol, C. D., & Hsu, L. (2016). Protecting Retailers Against Contagion: Exploring the Shielding Role of Marketing in the Negative Spillover of the Target Customer Data Breach. In Celebrating America’s Pastimes: Baseball, Hot Dogs, Apple Pie and Marketing? (pp. 309-309). Springer International Publishing.
Mikhed, V., & Vogan, M. (2017). How Data Breaches Affect Consumer Credit.
Ogbanufe, O., & Avery, A. (2016). Breaching News: Does Media Coverage Increase the Effects of Data Breach Event Disclosures on Firm Market Value?
Simon, S., & Perkins, R. (2016). AN ANALYSIS OF DATA BREACH INDUCED TRAUMA: AN EXPLORATORY STUDY. Journal of Information System Security, 12(3).
Solove, D. J., & Citron, D. K. (2016). Risk and Anxiety: A Theory of Data Breach Harms.