Cyber Attack or Data Breach?
These are different concepts
During a Security Incident there is often confusion, perhaps intentionally, about the difference between a ‘cyber attack’ and a ‘data breach’. Defining these terms precisely is important.
A Cyber Attack
Includes the results of actions that deny, disrupt, degrade, or destroy a computer system; the effect of a ‘cyber attack’ is that an organisation is no longer able to operate as before.
A Data Breach
Is the unauthorised release of controlled information. A ‘data breach’ almost always results in a loss of stakeholder confidence and, where regulatory compliance is broken, in fines and legal action.
It is very possible to have a Cyber Attack and a Data Breach within the same Security Incident.
Cyber Security Incidents
A Cyber Security Incident most often refers to information systems that are being or have been threatened. Whilst it usually refers to something bad, a Cyber Security Incident doesn’t necessarily mean that a breach has occurred.
An organisation that successfully deflects a cyber attack has experienced a Cyber Security Incident but not a data breach.
Example Security Incidents
- Ransomware is a cyber attack: data has been encrypted, preventing access, and the organisation is no longer able to operate as before.
- Emailing sensitive information to the wrong person is a data breach.
- Losing a laptop with encrypted storage is a Security Incident. Whilst the encryption remains effective, the information’s confidentiality remains intact, so this is not a data breach.
I find it useful to use a threshold for Cyber Security Incidents; whilst network scanning, email spam, and phishing attempts are certainly annoying, the impact of these types of actions can be mitigated to remain well below the threshold. In many organisations this level of activity remains undetected and therefore unknown.
Many attempts are stopped or end before the threshold is reached and before a deny, disrupt, degrade, or destroy event occurs.
Whilst network scans, spam and phishing campaigns often have little impact, these activities should be classed as ‘active preparation’. It is a mistake to refer to activity like this as a ‘cyber attack’ as this conceals the announcement of a genuine attack.
Dealing with a Cyber Security Incident
- Advance preparation is a lot cheaper.
It’s either a data breach or it’s not.
Unless an investigation is underway or has been concluded, avoid the term ‘Cyber Security Incident’.
Following investigation, and where no data has been compromised, the term ‘Cyber Security Incident without data being breached’ is correct.
Where data may have been compromised, determine the extent and inform the affected parties and, where necessary, the regulator. The term ‘Cyber Security Incident resulting in data being breached’ is appropriate.
Final thoughts on Cyber Security Incidents
The most clear and present threat to any organisation is Cyber Security. I hear about new ‘active preparation’ activities several times a day, new data breach events several times a week. I hear about office flooding and building fires a few times a year.
Many organisations practise their fire evacuation policy and check sheets routinely. I wonder how many of them have no policy, offer no training and make no preparations towards their cyber risks?
Sytec provides IT networking, security, audit, consulting, and support services to a broad range of businesses. Based in Salisbury, engineers are available to respond on a same day basis to ad-hoc or emergency requests, and within minutes for customers with a prepaid pool of consultative support.