Many times, as an Information Security Professional, I forget that some things aren’t common knowledge to my customers. I live in this cyber security world 24/7, but they just dip their toes in the water occasionally. This week we are going to get down to the basics like Vince Lombardi and talk about what the term breach really means.
Let’s get started
When we hear this on the news in terms of cyber security, the term may evoke an image of a business burned to the ground by the little girl in the “disaster girl” meme.
But that couldn’t be farther from the truth. Some instances involve a single employee whose email account was taken over. Any messages with customer information have then been unintentionally disclosed to a party without consent. In the eyes of most regulations, this is a breach of privacy, and rightfully so.
In another case, an accountant could leave a folder with their customer’s 2018 tax return in a coffee shop after grabbing their pumpkin spice latte. Another person walks in, grabs their Americano, and sits down in the same spot. They see the folder and get curious. This time the person isn’t bad; they just happen to come across the information. But it is nonetheless still a breach.
To go all the way to the “disaster girl” end of the spectrum, an intruder could have access to every computer and device a business owns for years without being discovered (… and then burns it to the ground?).
After looking at all those examples … when a breach occurs, does this mean every customer at the organization has now had their information stolen? No, not necessarily.
A breach, in its most basic form, is when a person gets around a layer of security. In terms of a castle, this could be just crossing the moat. The intruder doesn’t have to get all the way in for it to be considered a breach, just past one layer.
In other words, a breach can be boiled down to a person getting to somewhere or something they were not intended to reach.
Co-founder + Ethical Hacker
Micheal has over 13 years combined experience in Information Security, Information Technology, and Physical Security. He has tackled some of the most daunting certifications in the industry and his passion for the cyber world is unparalleled with exposure to virtually every industry. He continues to hone his skills in Incident Response, Penetration Testing, and Consulting. Recognizing the need for change in cyber security, he volunteers to help entrepreneurs, veterans, and recent graduates.