• What Is the Definition of a Data Breach, and Does Ransomware Count?

    Posted on August 20, 2018 by in News, Security

    Ten or twelve years ago, IT security companies warned of the possibility of a catastrophic data breach, but there were far fewer real-world examples than there are today. Now, it seems that some new breach comes to light every week, sometimes more than one a week. Data breaches can affect a wide variety of data: customer and employee records, payroll data, intellectual property, strategic plans and more. In the modern digital economy, securing your data is more important than ever. But what’s the current thinking on how to define a data breach? Does ransomware count as a breach?

    U.S. Federal Government Data Breach Definitions

    The FBI defines a data breach as “A leak or spill of data, which is released from a secure location to an untrusted environment. Data breaches can occur at the personal and corporate levels and involve sensitive, protected, or confidential information that is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.”

    The NICCS (National Initiative for Cybersecurity Careers and Studies), which was created by the U.S. Department of Homeland Security, defines the term similarly: “the unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.”

    That seems like a pretty good working definition and is consistent with the FBI’s view. This could include malware that logs keystrokes or someone using valid credentials purchased on the dark web to access your cloud applications. It could also include inadvertent disclosure by an employee, or a departing employee downloading data onto a flash drive on the way out the door. The possible scenarios are endless.

    Does Ransomware Count?