Discuss Data Breach: Its Types, Vulnerabilities and Threats (Essay Sample)

Data Breach
[Author Name(s), First M. Last, Omit Titles and Degrees]
[Institutional Affiliation(s)]
Author Note
[Include any grant/funding information and a complete correspondence address.]
Data Breach
Data breach is an incident of security whereby confidential data, protected data, and sensitive data is stolen, used, viewed, or transmitted by individuals who have no authority to do so CITATION The15 \l 1033 (The 3 Most Common Types of Data Breaches — And How to Prevent Them, 2015). Data breaches can occur on different types of secured information such as; intellectual property, trade secrets, Personally Identifiable Information, Personal Health Information, and financial information. it is estimated that between 2005 and 2008, the US experienced data breaches on over 227 million individual records CITATION OMa15 \l 1033 (O'Mara, 2015). This is a strong indication of how common this dangerous practice is. This paper compares: the different types of breaches of data; the vulnerabilities to data breaches; and the severity of data breaches.
Types of Breaches of Data
Data breaches are of three different types. These are; cyber-crime, skimming, and physical theft. Criminals usually employ a combination of these types to ensure they get the maximum amount of unauthorized information, necessary to cause harm to individuals, firms, and even the government.
Physical theft
This is the theft of equipment, documents, files, Personal Computers, receipts, terminals of Point-of-Sale, servers, and mobile devices, which contain confidential information CITATION Bre16 \l 1033 (Breaches..., 2016). Physical theft, although usually ignored, is a common type of data breach. People often assume it is very challenging to data thieves, yet it is very common CITATION The15 \l 1033 (The 3 Most Common Types of Data Breaches — And How to Prevent Them, 2015). Physical theft usually accounts for more than a fifth (that is 20%) of all data breaches. In the field of health care, physical theft is responsible for nearly 50% of its data breaches CITATION The15 \l 1033 (The 3 Most Common Types of Data Breaches — And How to Prevent Them, 2015). An example of a large-scale data breach involving physical theft was when a veteran affairs worker's laptop was stolen from his personal vehicle in 2006. The laptop contained confidential information for nearly 26.5million veterans and their spouses CITATION Bre16 \l 1033 (Breaches..., 2016). This raised issues such as the effectiveness of working from home with regards to data security.
Skimming
The magnetic strip at the back of credit and debit cards usually contain personal data of their users. Such data include: the PIN number for the card; the name and address of the cardholder; the date of expiry of the card; and many more data CITATION OMa15 \l 1033 (O'Mara, 2015). These data can be captured and recorded by unauthorized persons, a data breach type known as skimming CITATION Bre16 \l 1033 (Breaches..., 2016). Data thieves usually install external devices on merchants' Point-of-Sale equipment to capture and record the customers' data. Dishonest employees also often employ skimming to commit fraud CITATION The15 \l 1033 (The 3 Most Common Types of Data Breaches — And How to Prevent Them, 2015). Data thieves use the stolen data to create debit and credit cards, which are counterfeit of the originals. This leads to a situation known as identity theft CITATION OMa15 \l 1033 (O'Mara, 2015). This enables the criminals to spend clients' money indiscriminately.
Skimming usually occurs in three ways: first, through dishonest employees; second, by data thieves tampering with Point-of-Sale card readers; and third, through use of pinhole cameras. Dishonest employees can take a customer's card, in the pretense of rendering services to the customer, and capture data from the card CITATION The15 \l 1033 (The 3 Most Common Types of Data Breaches — And How to Prevent Them, 2015). For example, dishonest waiters can skim customers' cards while helping them pay bills. Dishonest can install skimming devices at Point-of-Sale, like A.T.M (Automatic Teller Machines) or gas pumps, to record customers' data. Pinhole cameras can also be used to record customers entering PIN CITATION The15 \l 1033 (The 3 Most Common Types of Data Breaches — And How to Prevent Them, 2015).
Cyber-crime
It is the most common type of data breach. it occurs when network environments and systems where a clients' information are processed, transmitted, or stored are accessed without authorization or attacked deliberately CITATION Bre16 \l 1033 (Breaches..., 2016). It occurs when websites or web servers, which are vulnerable to attacks, are accessed by attacking applications. Cyber-crime includes the following activities: release of viruses to networks and systems; release of malware to networks and systems; denial-of-service attacks; web application attacks; and cyber-espionage CITATION OMa15 \l 1033 (O'Mara, 2015). Cyber-criminals mainly employ packet sniffers to carry out cyber-crimes. Packet sniffers are software that intercept data when they are being across networks considered to be secure CITATION Bre16 \l 1033 (Breaches..., 2016). Packet sniffers can obtain a client's personal data and financial information.
Vulnerabilities to Breaches of Data
The increase in incidences of data breach is a worrying trend. Data breaches are costing CEOs (Chief Executive Officers) their jobs and businesses-existential losses CITATION Bas15 \l 1033 (Basu, 2015). It is important that top executives comprehend information security. Circumstances and factors that make organizations vulnerable to breaches of data are discussed below.
Employees
Internal attacks are among the leading threats to information security. This is because employees have easy access to data that are sensitive to the organization CITATION Col16 \l 1033 (Collar, 2016). Unhappy employees can steal devices that contain electronic data, and steal physical data too. Companies that do not maintain regularly their user accounts are easy targets for unhappy and dishonest employees. Such companies can have their data mishandled by employees whose contracts have recently been terminated CITATION Bas15 \l 1033 (Basu, 2015). Additionally, companies that lack tracking of important hard copy documents are at risk information security sabotage by disgruntled and dishonest employees CITATION Col16 \l 1033 (Collar, 2016). Moreover, careless employees are a threat to data security. They can leave their desks with sensitive accounts logged in; or send sensitive information to wrong people; or use passwords that can easily be guessed; or access sites that contain malware. Careless employees make it easy for unauthorized persons to access data CITATION Bas15 \l 1033 (Basu, 2015).
Unsecured Mobile Devices
Mobile devices are a threat to high level data security in an organization. This occurs especially when there is lack of B.Y.O.D (Bring Your Own Device) policy in an organization CITATION Bas15 \l 1033 (Basu, 2015). Employees usually use their own devices in carrying out assignments. Employers lack control of these devices. They do not control the passwords, application, access, and security of these employees' devices, yet these devices contain organizations' data. This autonomy that employees have regarding use of these devices make their organizations vulnera...