Corporations have always worried about certain nefarious entities compromising or stealing their trade secrets – even before the advent of the Internet. The global accessibility that the Internet provides has driven those fears outer space high, and nation states have hopped aboard the fear wagon – as well they should! Hardly a week goes by without a mention of a data hack, breach, or leakage. The current debate – if we could call it that – concerning cyber attacks during last U.S. presidential election is a prime example.
There aren’t any signs of a buck in that trend so let’s quickly compare some of the terms that’ll keep hitting us over the head in the near future:
Data leakage is the unauthorized transfer of classified information out of its appropriate security domain. This could be intentional or unintentional. An intentional example is a disgruntled employee sharing trade secrets or a whistleblower. Data leakage could also be unintentional, for instance insufficient authentication could grant information access to the wrong users or information that’s placed in the public domain might have private information that should have been taken out.
A data hack* (better identified as a systems/ application hack) is an intentional attack perpetrated on a technological system by malicious actors – using various tech tools – with the intent of stealing private information or planting fake data. Threat agents that might be carry out such attacks are cybercriminals, hacktivists, and nation states.
A data breach is the intentional/ unintentional release of secure or private/confidential information to an untrusted environment. Data breaches are an umbrella term for both hacks and leakages.
Examples of the top data breaches: Wikipedia’s list of data breaches, The world’s biggest Data Breaches – an interactive infographic.
* The old meaning of hack used to be an ingenious, inelegant, but effective solution to a computing problem.
