What is a data security breach? 

A data breach or data security breach is a security violation that occurs when confidential or protected information is exposed to an unauthorized party. This usually occurs when a cybercriminal or illicit user gains access to your network and exposes classified or protected information.

Hackers usually infiltrate a system using the following attack methods:

1. Research

Hackers are intelligent. They’ll often spend much of their time prior to an attack researching an enterprises infrastructure, network security and access points. They’ll also research employees within an organization and spend time pinpointing their weaknesses.

2. Attack

Attack methods are primarily network based or social based. Network attacks occur when the attacker gains access to an organizations systems, applications, or infrastructure through specific vulnerabilities within the enterprise.

Social attacks occur through social engineering tactics such as tricking people into handing over key information via impersonation through phishing and vishing attempts.   

3. Exfiltration of data

Data exfiltration, or data exportation occurs when a hacker gains access to internal applications, systems or networks, and begins to extract confidential data and information.

A data breach can happen at any time. Whether it’s sensitive information you need to maintain your competitive advantage or records that meet regulatory demands — all data must be safeguarded. When it’s not, the fallout from protected data being exposed or stolen is often steep.

3 in 5

organizations expect to
be breached


believe they won’t know
when it happens

Data breaches can include the theft of intellectual property, the disclosure of customer personally identifiable information, theft of customer financial information, healthcare data and more. According to Risk Based Security’s Data Breach QuickView Report, there were 5,207 breaches reported worldwide through the end of 2017, exposing approximately 7.89 billion records. Many of those records resided on discs, hard drives, removable storage, mobile devices and other places where unstructured data is stored.

No industry or business is immune to cyber threats or security breaches. And because data breaches often require public notification to customers, partners, vendors, shareholders and government agencies, it’s difficult to keep them private.

How can SailPoint help you comply with CCPA?

Our open cloud identity governance platform makes it easy for you to stay compliant by seeing and controlling access to all your apps and data for every user, including bots.

Discover How

The cost of a data breach is rising.

The cost of a data breach is high and getting higher. SailPoint’s 2017 Market Pulse Survey reported 67% of enterprises were breached in 2016, at an average cost of $4 million.

Numerous items factor into these costs, including the size of the breach, detection and escalation costs and post breach expenses like helpdesk resources, remediation, legal costs, identity and credit protection services, regulatory penalties and more. The numbers also go considerably higher for breaches in regulated industries. For example, a healthcare data breach can cost, on average, up to $7 million.

But the costs don’t stop there. A data breach can also impact your bottom line with a loss of customers and damage to your brand and reputation. The sheer volume of data breaches and recent high-profile breaches show just how big of a challenge cybersecurity is and how difficult it can be for even the most well-intentioned enterprise to avoid.

Types of security breaches.

Cyber criminals are becoming increasingly more advanced, which has led to an uptick in data breaches in recent years. Even the largest most secure enterprises in the world are no longer immune.

There are hundreds of different types of data breaches out there. Here are some of the most common to look out for as well as examples of how they may occur.

1.Compromised credentials

One of the most common types of data breaches is stolen or compromised credentials. And more likely than not, this is a result of poor password management. Protect your digital identities (credentials) by never reusing passwords, using strong credentials, having multiple methods for authentication, as well as a strong password management system.

2.Malware attacks

Malware is malicious software installed on a user’s device that allows the hacker to access personal data and information. The most common types of malware are worms, viruses, bots and botnets, ransomware, trojan horses, adware, spyware, phishing, and more.

3. Ransomware attacks

Ransomware attacks are when hackers install software on your device that is used to encrypt your files. It’s a type of malware attack that takes over your device and holds it hostage until you can pay a ransom.

4. Phishing

A phishing attack occurs when a hacker obtains user data through impersonation. They’ll often send an email or text, trying to get users to click on a link or download a file that will install malware on your computer.

Similar to phishing is a vishing attack. This is an attack that gets people to give up confidential information via a phone call.  

5. Keyloggers

Hackers can install malware called keyloggers, which record keystrokes on your device such as password usage. They can then use this information to access your sensitive information.

6. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks

Denial-of-Service (DoS) attacks happen when hackers completely shut down and take over a network, information system, machine or device. They do this by flooding and crashing servers, preventing a user from accessing the system.

A Distributed Denial-of-Service (DDoS) attack occurs when multiple computer systems attack a target by flooding it with so much traffic that the server crashes. This is often performed through a botnet, which is a series of connected devices that perform malicious activity.  

How can you prepare for a data breach?

Following good security practices and cybersecurity frameworks is a great start, but whatever approach you use, you should know some key facts. The first is that the traditional network perimeter no longer exists. With more employees working remotely, they’re often not accessing resources through a heavily guarded network. But even when onsite workers are, attackers have become increasingly skilled at getting through traditional enterprise perimeter defenses.

Secondly, the number of identities and nature of enterprise identity management is changing. The growing number of users accessing sensitive resources include employees, contractors, partners, suppliers, vendors, customers and even bots. And the Internet of Things (IoT), with automated robotic processes, is transforming the very notion of identity.


of enterprises with BYOD and Shadow IT have a formal usage policy


of enterprises are concerned with the threat posted by contract workers

Identity must be at the core of your security program if you want the best strategy for preventing sensitive data breaches. Effective identity management helps you enforce who should have access to what systems, applications and data. And if something does go wrong, you’ll have a wealth of information within access logs to help you determine how the breach occurred.

According to SailPoint’s 2017 Market Pulse Survey, while enterprises surveyed understand the data breach threat, they lack a high-level of visibility into their systems. Fortunately, respondents were aware that the best way to gain that visibility is through identity management. More than half see identity management as foundational to their future security strategies, and 87% understand how crucial strong identity is to an effective security posture.

Rather than hoping a breach never occurs, it’s better to mitigate as much risk as possible. Whether it’s stored on-premises or in the cloud, proactively securing as much of your sensitive data as possible is the best way to avoid a data breach.

What to do if your data is breached.

Unfortunately the reality is that many organizations will experience a breach and need to know how to best respond. Whether it’s a breach that was interrupted or a full breach that will require broad public disclosure, a quick response is key.

Effective data breach preparedness includes the ability to quickly investigate what systems and data were compromised, how they were compromised and what data may have been accessed. It also requires having the right technical, legal, cybersecurity, public relations and corporate leadership team in place so the public announcement goes smoothly.

The role of identity governance in prevention.

Prevention, detection and response is the battle cry of cybersecurity experts everywhere and identity touches each of these core tactics. By giving users the right access to the right data at the right time, you’ll prevent data from being a free-for-all in the first place. Detection can happen more quickly when you have the ability to see user behavior and know when something isn’t right. And being able to lock down compromised accounts quickly is critical to your success.

Identity governance provides visibility and control of user access across your enterprise. It answers three important questions:

  • Who has access to what?
  • Who should have access to what?
  • What is being done with that access?

By putting identity at the center of security and IT operations, you’ll be able to better mitigate the risks of a breach and protect the information you need to succeed.

SailPoint Predictive Identity can help
your organization.

See and control access to all your apps and data for all your users, including bots.

Get Started Today