Although the terms data breach and data leak are sometimes used interchangeably, they are actually quite different and can therefore require slightly different approaches when it comes to cyber security. So what are the differences?
What is a data breach?
A data breach is when an outside actor deliberately hacks into your systems to access or steal your data. These are commonly caused by either malware – e.g, ransomware, viruses and trojan horses – or through social engineering – where employees in a company are lured into sharing data or giving access to confidential areas of a network.
These are becoming more common, as data is very valuable to criminals. Hackers can either sell the data on the black market, or force the company to pay a ransom to release or return it. In 2022, $456.8 million was extorted from victims through ransomware attacks. And attacks are not confined to big multinational corporations, as governments and public infrastructure have also been targeted in recent years.
What is a data leak?
In contrast, data leaks usually occur because of an internal weakness to security systems. This could include poor handling of data or flaws in internal systems and processes. Often data leaks are caused accidentally, for example through human error or overlooked vulnerabilities, but occasionally they can be caused intentionally, by a disgruntled employee or whistleblower.
And the opportunity for a data leak can arise quite easily. Even NASA, in a 2022 audit was found to have several incidents of improper use of their IT systems, including failing to protect sensitive but unclassified information. The penalties for companies who fail to sufficiently protect sensitive data can be substantial. In 2022, Interserve Group was fined £4.4m for failing to keep the information of its staff secure.
How to prevent both?
Whether your company is the victim of a data breach or is involved in a data leak, it can have a serious impact on your reputation and finances so it is crucial to take all steps possible to avoid both. That includes maintaining good cybersecurity practices (such as strong passwords, restricting access to confidential data and ensuring all software is up to date), continuously monitoring for external threats, and ensuring staff are educated on how to spot social engineering attacks.