The common definition of a data breach is the unauthorized access, transmission, reproduction, dissemination or sale of personal, confidential or privileged data. A data breach often results from hackers digitally breaking into IT systems, but data that is mistakenly shared by an authorized user with one or more unauthorized users also qualifies as a breach.
Recently, much publicized breaches by Facebook, Panera, Best Buy and others represent various types of breaches, some of which expose the dangers of relying on third-party vendors for payment processing and other functions which require sharing customer records and sensitive company data.
How They’re Different
Facebook–In the case of Facebook’s breach of at least 87 million, users “voluntarily” turned over their personal information (and worse, those of their unwitting FB friends) when filling out a Facebook personality quiz. The British political research consulting group Cambridge Analytica obtained the data and then, in turn, sold that information to political operatives behind Brexit in the UK and to members of the Trump presidential campaign.
In the case of Facebook, once the quiz app was able to harvest information from each of the “consenting” users’ friends, a serious breach occurred. As of now, Facebook is calling it a breach of “trust” rather than a data breach, but few experts are buying that distinction.
Panera Bread–In Panera’s breach, the names, email addresses, home addresses, birth dates and final four credit card digits of potentially 37 million customers were accidentally made available as plain text on the company’s website. This wasn’t the result of hackers, but of someone working on the Panera website, making it a dramatic case of human failure.
Yes, that’s right. Companies don’t have to only worry about cybercriminals and bad actors needing to break in. It’s often their own employees who innocently open the door for them.
Best Buy–For Best Buy, it was among a number of large retailers, including Kmart and Sears, to have data breached due to vulnerabilities with its chat app from customer engagement provider 7.ai. The breach occurred between September and October last year.
While the number of exposed records is said to be comparatively limited–at least for now–it’s indicative of the cyber risk companies face every day when putting their trust in outside providers for various application processes. In the Best Buy (et al.) case, 7.ai lagged in notifying the companies affected by the breach. Delta Airlines, for instance, was notified just two weeks ago. This is a black mark on the customer engagement company, as time is critical if a company is going to effectively respond to a breach.
Develop a Third-Party Provider Strategy
Customers lose faith in companies that cannot protect their data. It doesn’t matter how the breach was caused, they aren’t going to blame the hacker or–in Best Buy’s case–the online chat service that led to the breach. They’re going to blame Best Buy, and the company’s brand will take a hit, even if ever so slight.
That’s why it’s imperative for organizations to have an incident response strategy should breaches occur. This includes planning ahead with third-party providers so that all partners are aware of their responsibilities and know the response drill and the lines of communications they’ll need to employ when a breach occurs.
Here are a few questions businesses need to ask themselves with regards to how they handle customer, supplier, or partner data:
- What protections do we have in place to detect unauthorized access?
- How do we qualify third-party vendors for contracts?
- How do we secure the supply chain?
A key measure in securing your systems, particularly as it relates to these issues, is to develop a managed detection and response (MDR) cybersecurity strategy.
Arctic Wolf’s SOC-as-a-service enables small to midsize enterprises (SMEs) to continuously monitor and respond to their threat environment without needing to acquire and maintain expensive SIEM technology or hire a skilled team of cybersecurity experts. The AWN CyberSOC™ is a cloud-based security operations center (SOC) that combines the people, processes and technology needed for a truly effective monitoring, detection and response.
This means SMEs can attain the threat monitoring and detection they need to stop attacks before they have time to do damage. And, as evidenced by the recent breaches of industry leaders like Facebook and Panera, threats are everywhere and originate in all kinds of ways.