How data breaches happen and why it takes so long to discover them

When the term “data breaches” is used today, it generally refers to incidents where millions of confidential records have been stolen. These incidents are primarily perpetrated for financial gain and often involve months of “scoping-out” an organization to find any glitches, loopholes, or vulnerabilities that can be exploited. While cybercriminals sometimes actually do find security risks that can be exploited, a lot of times they just get lucky when an employee or unsuspecting victim accidentally leaves information unprotected or exposed over the Internet. Whether intentional or accidental, once the deed is done and sensitive information is lost, the cost in terms of damage and reputation is pretty much the same. It isn’t a case of only small or medium-sized businesses with outdated equipment being at risk either since enterprise organizations have been successfully targeted in almost every sector including top public cloud providers like AWS and Azure.

How notorious negligence leads to data breaches

data breaches

This year alone, financial companies like Capital One and First American Financial, social platforms like Facebook and Evite, and even medical and government agencies like the AMA and FEMA have had their defenses breached. While this is in part due to cybercriminals using newer techniques and technologies, it mostly occurs due to negligence. This includes not updating security measures, using legacy security systems, using weak or default passwords, inactive files, and default security settings. Good examples of the modern-day cost of carelessness include the server misconfiguration at Capital One that caused 106 million records to be leaked and the unsecured MongoDB instances that affected 275 million users. The breach at Evite this year is another good example since an inactive data storage file was what caused 10 million accounts to be compromised.

In addition, the embarrassment caused when leaked records number in the millions, breaches left open unintentionally can often go undetected for years before anyone figures out the issue. In fact, breaches have often gone undetected till account-related information actually started popping up for sale on the dark web. This year, the breach discovered at First American Financial that exposed 800 million records including Social Security and bank account numbers, had been open for two years. This was caused by the website not authenticating browser access to its documents and finally discovered and reported by a real estate developer who figured out that by simply changing numbers in the website’s URLs, millions of documents with sensitive information were visible to all. Similarly, Planet Hollywood and other restaurants belonging to the Earl Enterprises chain had malware installed on their POS systems, causing a 10-month long breach during which credit card numbers were available along with the cardholder names and expiration dates.


data breachesAccording to a study by IBM, it takes about 197 days to identify and 69 days to contain a breach, while another study by Verizon suggests 66 percent of breaches can take up to a year discover. Yet another study by Ponemon Institute says it takes an average of three months to discover a breach and another four months thereafter to resolve it. Based on all the above reports, it’s pretty safe to say that we take way too long to discover and rectify breaches This is pretty critical since the damage done by a breach is exponentially increased depending on the time it takes to rectify it. If financial information is involved, like in the British Airways breach last year, even 15 days can be catastrophic. That’s 15 days of customers’ financial information being out there in the open where any passing cybercriminal can get their hands on it.

One of the main issues with resolving modern-day data breaches is the fact that they rarely disrupt services to a point where there are any actual indications that a problem has occurred. Additionally, it’s in the best interest of the attackers that victims remain unaware of the breach, so they obviously do everything in their power to cover their tracks and have us believe everything is just fine. Ignorance is, of course, bliss to cybercriminals. Modern-day security needs to be active like the cybercriminals that spend months studying infrastructure, looking for vulnerabilities. In stark contrast, we can’t sit around waiting for something to break and our phones to beep, those days are gone.


While the first priority is obviously to ensure that attacks that cause data breaches don’t occur in the first place, there’s really no such thing as foolproof security that lets you sit back and relax. Modern-day security entails being as proactive as the potential hackers and “self-scoping” out your own environment for threats and vulnerabilities. Netflix had the right idea with their Chaos Monkey program that wreaks havoc around their own environment since it essentially keeps employees ready and prepared for any incidents. Before you go “Wreck-it Ralph” on your own environment, however, you can start by conducting basic checks for potential vulnerabilities within your environment. Some organizations even hire professional testers to use the same techniques as cybercriminals to breach the system in a controlled manner. Finding threats in advance of potential breaches not only saves money but also trust and reputation. The last thing an organization wants is to be known for a breach as opposed to their actual area of business.

Other best practices involve controlling access by using strong credentials, passwords, and multifactor authentication, as well as taking extra care when using third-party vendors. We assume third party services are secure and it’s this assumption that leads to a quite popular way of having your data stolen. IoT devices also need extra consideration as they’re especially vulnerable being always connected to the Internet and often have ancient security systems with default settings that are inherently insecure. Educating employees and enforcing BYOD policies can help in making sure everyone is alert, on the same page, and ensuring that no malware enters the system through mobile devices. Software or data storage that’s unused and outdated should be discarded from the stack as unclaimed baggage is a favorite target for attackers. Additionally, all software should be updated and patched as soon as possible to prevent vulnerabilities arising from older versions.

Avoiding data breaches: Always an uphill battle

While data breaches are only getting more frequent and more severe, traditional security measures are losing the war for data security. There isn’t a single sector that has remained unaffected, neither is there a single security measure that’s all-encompassing with no exceptions. What’s worse is that getting breached isn’t even the major problem anymore, it’s detecting it quickly, which just goes to show how far behind we are in terms of security. This is because no one is going to notice a breach unless everyone is constantly looking for one. And it’s just that aggressiveness toward finding vulnerabilities that need to be instilled in every employee if we are to stand a chance.

Featured image: Shutterstock

About The Author

1 thought on “How data breaches happen and why it takes so long to discover them”

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top