Data Breach Versus Data Leak: What’s The Difference?
In the cybersecurity world, there’s some terminology that can be slightly confusing. One example is the difference between two similar terms – data leak and data breach.
Practically speaking, people sometimes use these terms pretty interchangeably to talk about situations where sensitive data is exposed. But the difference between a data leak and a data breach is actually pretty concrete in some ways. Knowing the difference between them helps organizations defend against either type of loss.
What Is a Data Leak?
A data leak is any situation where sensitive data gets exposed in an improper way.
That covers the waterfront—from certain types of malicious attacks to accidental situations where someone mistakenly sent sensitive information to a big group of people who weren’t really authorized to see it.
In other words, data leaks can result from intentional hacking or from simple errors.
For example, we’ll talk about how a data leak can come in the form of someone attaching a sensitive document to an email and hitting ‘reply all’ by mistake, or from an app that is wrongly programmed to publish items that should be kept private. These things can be damaging to a business, even though no hacking or ill intent is involved.
What Is a Data Breach?
A data breach is more specific. In a data breach, sensitive data gets exposed due to a cyberattack.
Experts classify data breaches based on what type of attack vector was used and who was involved in perpetrating the attack.
For example, there are two main types of data breaches: those stemming from an outside third-party threat actor, and those caused by insider threats, meaning people associated with the organization.
Insider threats can be further classified into three main categories – malicious attacks, negligent attacks, and recruitment situations.
A malicious attack is one in which a disgruntled employee, contractor or other insider carries out a data breach on their own.
A negligent attack is when a data breach occurs due to the carelessness of an insider. For example, when an external hacker breaches a system using an employee’s weak, reused password, that counts as a negligent insider attack.
The third kind of attack, a recruitment attack, involves outside hackers enticing insiders – employees or contractors – to help them in attacking a network and taking the data inside.
What a data breach is not is accidental. Data breaches always carry malicious intent. For example, if somebody mistakenly left sensitive data out and an unauthorized party was able to access it, this type of event would be considered a data leak, but would not be qualified as a data breach.
Cases of accidental loss where there isn’t any hacking are not considered data breaches.
The Difference Between Data Leaks and Data Breaches
You might say that the fundamental difference between a data leak and a data breach is that data leaks may be accidental, but data breaches, by their definition, are intentional. That means companies may need some specific protections against data breaches that don’t apply to a data leak.
Examples of Data Leak Situations
Looking at specific examples of how data leaks happen gives business leaders a clearer picture of how to prevent them.
One of the first kinds of data leaks is the ‘reply all’ situation we referred to above—someone attaches a sensitive document and sends it to the wrong parties by mistake.
That can happen with email, but it can also happen over a multitude of other digital platforms.
Another major category of data leaks is ‘data dumps’ – when a poorly set up application or a human error publishes sensitive data without anyone realizing it.
The data is there for all to see, no hacking is needed, and the leak is purely accidental.
Another category of data leak involves physical loss, like when papers or flash drives are left lying around.
Then there are cases where sensitive data shows up in the background, as when someone takes a photo or video and sensitive data is accidentally captured in images that then go public.
Examples of Events Causing Data Breaches
Threat actors use different attack vectors and threat events in order to breach systems and steal data. Knowing about some of the major ones can help in brainstorming defense strategies.
You have the ransomware attack, which is a popular way of getting value out of stolen data. Basically, the hackers are stealing valuable data and holding it for ransom, assuming the business doesn’t have the backups that it needs to avoid serious disruptions. One of the reasons that ransomware is so scary is that black hats are offering “ransomware-as-a-service” applications, allowing anyone to become a data hijacker quite easily.
Then there are the social engineering attacks that target people as the weakest link in the system. Hackers will try to deceive internal users into handing over sensitive information or account information, and then use what they’re given to get inside the network themselves. If they can’t do that, they might use something called credential stuffing, where brute force attacks try to guess people’s passwords and get into the network that way. They may also use Trojans, worms or other malware to compromise the system or breach servers through complicated technical cyberattacks.
There are also endpoint vulnerabilities and insecure applications. Endpoint vulnerability has to do with hacks that take place at the edges of a network, where individual users get access. For example, if the hacking takes place at a user’s workstation with something like a remote desktop attack, that’s an endpoint attack. As for insecure applications, hackers can use third-party apps to pass code to the interior of a network, which can be dangerous.
All of this illustrates how data breaches can happen through deliberate cyberattacks from outside parties, or can be perpetrated via insiders. Knowing how these attacks work helps the effort to harden systems and seal out problematic black hat activity.
The Threat of Shadow IT
Business people should know about one of the overarching threats in terms of both data leaks and data breaches. It has to do with a phenomenon called ‘shadow IT’ where system vulnerabilities or less controlled components of networks lurk in the background of a system.
This is the basic idea: a business might have customer-facing apps that are tightly controlled. The firm might have a good core network, and some very safe methods of interacting with customers. Still, around that system, if backdoors and applications are not so secure, that’s a problem! If these outside apps have access to the same parts of the network, their own security needs to be up to par, too.
Looking effectively at shadow IT is one aspect of dealing with this full range of data breaches that threaten companies.
How to Prevent Data Breaches and Data Leaks in 2022
As for the question of how to circle the wagons against both of these kinds of scenarios, the most basic answer involves better cybersecurity.
Companies have to up the ante when it comes to protecting their networks and endpoints, and the valuable data inside. They have to throw resources at the problem in order to make sure that they have things covered. Security has to go beyond the perimeter, and into the core of the network, with things like network segmentation, better identity and access management, and hardened systems with encryption, just to name a few.
What all of these things have in common is related to the necessity of better planning. Companies have to be more deliberate in how they shield themselves from these kinds of threats.
Attention to standards is another big component. NIST recommends using its Cybersecurity Framework to establish a standard for cybersecurity and teach companies how to keep their networks and data safe.
Then there are next-generation endpoint monitoring tools and user behavior analytics that work to defend against both data breaches and data leaks.
New types of endpoint monitoring and UEBA (User and Entity Behavior Analytics) tools allow cybersecurity professionals to track behaviors and look for anomalous behaviors that indicate a threat. Robust endpoint monitoring tools take data breach and data leak prevention a step further by monitoring all user activity, including remote desktop sessions. These powerful tools can often spot the endpoint or network activity that leads to a data threat.
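As an added illustration of the kind of behavioral check described above (example code written for this article, not from any UEBA product), the script below reviews constructed endpoint and email events against each user’s own baseline and tags findings with the article’s leak-versus-breach distinction: a labeled sensitive attachment sent outside the organization is a leak indicator, while a remote desktop session from a host never seen for that user is a breach indicator. The internal domain, usernames, hostnames and event format are all assumptions made up for the example.

```python
"""Toy UEBA-style review over constructed endpoint/email events (not real telemetry)."""
from collections import defaultdict
from statistics import mean

INTERNAL_DOMAIN = "corp.example"  # assumed internal mail domain for the example

# Constructed events: (user, action, detail, count). Hostnames and users are made up.
BASELINE = [
    ("alice", "rdp_login", "ws-alice-01", 1),
    ("alice", "file_access", "finance-share", 40),
    ("alice", "file_access", "finance-share", 55),
    ("alice", "file_access", "finance-share", 48),
    ("bob", "rdp_login", "ws-bob-07", 1),
    ("bob", "file_access", "eng-share", 12),
    ("bob", "file_access", "eng-share", 9),
]
RECENT = [
    ("alice", "file_access", "finance-share", 50),  # within her normal range
    ("alice", "email_attach", "sensitive:q3.xlsx->all@partner.test", 1),  # 'reply all' style leak
    ("bob", "rdp_login", "unknown-host-99", 1),  # host never seen for bob
    ("bob", "file_access", "eng-share", 400),  # roughly 40x his usual volume
]


def build_baseline(events):
    """Per-user set of hosts used for remote desktop logins and list of daily file counts."""
    hosts, volumes = defaultdict(set), defaultdict(list)
    for user, action, detail, count in events:
        if action == "rdp_login":
            hosts[user].add(detail)
        elif action == "file_access":
            volumes[user].append(count)
    return hosts, volumes


def review(baseline, recent, ratio=3.0):
    """Return (user, category, reason) findings; category is 'leak', 'breach' or 'anomaly'."""
    hosts, volumes = build_baseline(baseline)
    findings = []
    for user, action, detail, count in recent:
        if action == "rdp_login" and detail not in hosts[user]:
            findings.append((user, "breach", f"RDP session from unseen host {detail}"))
        elif action == "file_access" and volumes[user]:
            typical = mean(volumes[user])
            if count > ratio * typical:  # bulk access far above this user's own baseline
                findings.append((user, "anomaly", f"{count} files vs typical {typical:.0f}"))
        elif action == "email_attach" and detail.startswith("sensitive:"):
            recipient = detail.split("->", 1)[1]
            if not recipient.endswith("@" + INTERNAL_DOMAIN):
                findings.append((user, "leak", f"sensitive attachment sent to {recipient}"))
    return findings


if __name__ == "__main__":
    for finding in review(BASELINE, RECENT):
        print(*finding)
```

Running it flags Alice’s external sensitive attachment as a leak indicator, and Bob’s unfamiliar remote desktop host plus his bulk file access as breach-side findings to triage.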
Knowing the difference between a data leak and a data breach helps professionals to understand the cybersecurity landscape and what companies are facing when it comes to data loss. It also helps them to classify different types of problems and threats, and apply solutions in a precise and reasonable way.