What’s a Breach?

Many times, as an Information Security Professional I forget that somethings aren’t common knowledge to my customers. I live in this cyber security world 24/7 but they just dip their toes in the water occasionally. This week we are going to get down to the basics like Vince Lombardi and talk about what the term breach really means. ​

But that couldn’t be farther from the truth. Some instances are of a single employee whose email was taken over. Any messages with customer information have been unintentionally disclosed to a party without consent. In the eyes of most regulations, this is a breach of privacy and rightfully so.

In another case, an accountant could leave a folder with their customer’s 2018 tax return in a coffee shop after grabbing their pumpkin spice latte. Another person walks in grabs their Americano and sits down in the same spot. They see the folder and get curious. This time the person isn’t bad, they just happen to come across the information. But none the less still a breach.

To go all the way to the “disaster girl” end of the spectrum, an intruder could have access to every computer and device a business owns for years without being discovered (… and then burns it to the ground?)
After looking at all those examples … when a breach occurs, does this mean every customer at the organization has now had their information stolen? No, not necessarily.
​
A breach in its most basic form, is when a person gets around a layer of security. In terms of a castle, this could be just crossing the mote. The intruder doesn’t have to get all the way in to be considered a breach, just one layer.
In other words, a breach can be boiled down to a person getting somewhere or something they were not intended to.

For additional information and if you have the time, check out Wired’s “The Wired Guide To Data Breaches”.
For more of my blogs at Tandem check out [here].