Cybersecurity is an important subject for a business’ entire team to appreciate, particularly when it comes to the minute differences between different terms. For instance, a layperson might hear “breach” and automatically think “security incident.” While this technically isn’t incorrect, per se, the two terms aren’t really synonymous.
Let’s take a few moments to dive into the minutiae and define these two terms more clearly.
Let’s begin by establishing the real definitions of “data breach” and “security incident.”
In no uncertain terms, a breach happens when some of your business’ data is somehow accessed by someone outside of your organization through their own specific efforts to do so, Trend Micro defines it as “an incident wherein information is stolen or taken from a system without the knowledge or authorization of the system's owner.”
Basically, a breach is when a business’ stored data is accessed by an unauthorized user—which means that, technically speaking, a data breach isn’t an inherently malicious thing.
A security incident is the term given to any violation of established security policies regarding a business’ technology, at any scale. Again, a security incident isn’t inherently malicious, but should still be seen as a potential threat to an organization’s security and compliance.
As a blanket term, “security incident” covers a wide range of circumstances, including:
…I think you get the picture.
Security incidents are commonly delineated by their severity: how serious the incident is, and how much of a company’s collective attention will need to be paid to resolve them. Serious incidents—things like data breaches, DDoS (Distributed Denial of Service) attacks, and advanced persistent threats (APTs)---are all high-priority security incidents, whereas things like a malware infection or someone accessing data without authorization would be considered of medium priority. Low-priority incidents would be things like false alarms.
Technically speaking, yes… however, it is an important difference to stay cognizant of. After all, clarity is going to be important if you do face a security incident as to what kind of incident it is, and what needs to be done to resolve it. Encouraging your team members to familiarize themselves with the various warning signs that something is wrong gives you an increased chance of someone spotting an issue. In turn, this gives you the opportunity to catch and resolve a threat before it materializes into a real security incident—breach or otherwise.
User awareness is a key component of any business’ security, for certain, but the trick is that it is only one component of it… one of many. We Define IT is here to help you attend to the rest of them. Give us a call at 888-234-WDIT (9348) to find out more about the security services we offer.
About the author
Mr. Angaza has been changing the face of IT service for over 20 years. His unending commitment to technical excellence is only outmatched by his dedication to customer service and satisfaction.
You have to register to leave a comment, register here.
Comments