In conversations about digital compromises, the terms “breach” and “hack” are often used interchangeably—but the two are actually quite different. In short, a hack involves a malicious actor or actors gaining unauthorized access to a protected computer, whereas a breach is a broader category indicating any spill of confidential data, including those that happen by accident. Here's some more detail on what makes them different, and how prevention strategies differ between the two.
What is a Hack?
The question of what exactly constitutes a hack prompts different answers depending on the perspective of the individual answering.
For instance, among criminals who pride themselves on their unique skill in cracking into systems, someone deploying a popular program that automates the process of effecting a digital intrusion might be derisively referred to as a “script kiddie”: a person who is childishly running others' scripts (programs) rather than doing the true hacking of using his or her own intelligence to invent a custom technique for breaking in.
But at the opposite extreme, from the perspective of some jurists in the criminal justice system, users simply sharing passwords can run afoul of the Computer Fraud and Abuse Act, typically thought of as the chief anti-hacking law on the books.
From the perspective of a business, however, hacks are compromises caused by people with malicious intent who—whether by simple or complex means—are cracking into the organization's systems in ways that cause problems.
There is a definite “bad guy” component to a hack—someone is seeking to do damage. In contrast, a breach can be as simple as an accidentally misconfigured web server causing internal company data to be indexed by Google.
How to Prevent a Hack
Since hackers have malicious intent, it can help IT teams to adopt the mindset that they are battling foes. For that, they need resources such as the Security Operations Center of a managed security service.
Using tools like vulnerability management to patch security flaws before hackers exploit them is a good way to maintain strong defences and stay one step ahead of the opponents.
What is a Breach?
The word “breach” is a broad term used for many types of cybersecurity compromises. When speaking loosely, one could identify a hack as a type of breach. But if precision is called for, then it is best to use “breach” only for those compromises where there is no malicious intent, and the data has been released due to mistake, negligence, or some other unintentional cause.
The Internet of Things is already providing many examples of what may be considered breaches. For instance, hundreds of webcams and other devices worldwide are leaking footage or other data from the inside of businesses and homes onto the Internet, where they are indexed by the popular search engine Shodan.io.
In this situation, there are no hackers involved. The leaks of information are simply due to the equipment's default settings. However, that does not mean they are not dangerous. These breaches may be revealing information that the devices' owners do not wish to have exposed.
How to Prevent a Breach
To prevent the mistakes that lead to breaches, organizations can instill a security culture among their employees. Safety—both physical and digital—should be a daily topic, something staff members are encouraged to talk about and find solutions to. With greater awareness, employees become invested in and proactive about preventing mistakes. Under that paradigm, breaches are less likely to happen.
The Role of a Cybersecurity Agency
We understand that cybersecurity is hard work. Whether a breach or a hack, we are here to help. The Cygilant Cybersecurity Agency has your back. Whether augmenting your security program or starting from scratch, you get three things:
1. Cybersecurity Advisors (CSAs)
Dedicated experts work one-on-one with you as an extension of your team to identify and meet your security goals.
2. 24x7 SOC Team
We operate global Security Operation Centers (SOCs) staffed around the clock with eyes always on your network.
3. SOCVue Platform
SOCVue consolidates multiple streams of security data to help you detect and respond to threats faster and collaborate effortlessly.