Cygilant Blog

The 5 Stages of a Data Breach (and How You Can Protect Your Company)

Posted by Security Steve on Feb 29, 2016



We’re growing more aware of data breaches, but our understanding of how they work hasn’t kept pace with the increasing rate of cyber attacks. In fact, breaches have become so common that one in three Americans had their health records compromised in 2015. Cybersecurity education is necessary for preventing future hacks. Here's a breakdown of the five stages of a data breach, and the solutions SMEs can use to protect themselves.

1. Researching the Target

A data breach generally begins with the hackers researching the target company in great detail to learn how it functions. The criminals might look at job listings to find out what specific hardware and software the business uses. They might check financial filings and court records to learn how much the target spends on cybersecurity. Additionally, hackers may identify the target's business partners, because compromising them first might provide an entry point into the target's systems.

2. Scanning for Vulnerabilities

Next, hackers will scan or “probe” the target's systems for vulnerabilities. Typically they use software utilities that scan the target system's ports and report which ones are open. Hackers will also try to “enumerate” everything on the target network—such as devices and accounts—since any of these might provide a point of entry if it’s vulnerable. Then, hackers will use tools that seek out known vulnerabilities, or perhaps check to see if the system has a relatively unknown weakness.


Network security monitoring is key for uncovering vulnerabilities before hackers can find out about them. This security practice can detect unusual probing activity and alert IT teams to take defensive measures. SIEM and log management solutions are also useful in analyzing problematic traffic.
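The probing detection described above can be sketched as follows. This is an added example, not code from the original post or from any product it mentions; the log format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the "timestamp src dst dport action" layout is an
# assumed format, and all addresses are documentation-range placeholders.
SAMPLE_LOG = """\
2016-02-29T10:00:00 198.51.100.20 10.0.0.5 443 ALLOW
2016-02-29T10:00:01 203.0.113.7 10.0.0.5 21 DENY
2016-02-29T10:00:02 203.0.113.7 10.0.0.5 22 DENY
2016-02-29T10:00:03 203.0.113.7 10.0.0.5 23 DENY
2016-02-29T10:00:04 198.51.100.20 10.0.0.5 443 ALLOW
2016-02-29T10:00:05 203.0.113.7 10.0.0.5 80 ALLOW
2016-02-29T10:00:06 203.0.113.7 10.0.0.5 443 ALLOW
2016-02-29T10:00:07 203.0.113.7 10.0.0.5 3389 DENY
2016-02-29T10:05:00 192.0.2.50 10.0.0.5 22 DENY
2016-02-29T10:10:00 192.0.2.50 10.0.0.5 80 ALLOW
"""

def parse(line):
    """Split one log line into (timestamp, src, dst, dport, action)."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action

def detect_probing(lines, min_ports=5, window=timedelta(seconds=60)):
    """Flag (src, dst) pairs where src touched at least min_ports distinct
    ports on dst within the sliding window. Lines must be in time order."""
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, dport)
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport, _action = parse(line)
        seen = recent[(src, dst)]
        seen.append((ts, dport))
        while ts - seen[0][0] > window:  # drop events older than the window
            seen.popleft()
        ports = {port for _, port in seen}
        if len(ports) >= min_ports:
            alerts.setdefault((src, dst), set()).update(ports)
    return {pair: sorted(ports) for pair, ports in alerts.items()}

if __name__ == "__main__":
    for (src, dst), ports in detect_probing(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan: {src} -> {dst} ports {ports}")
```

A source that spreads its probes over a period longer than the window stays under the threshold, so the window and port count need tuning against normal traffic for the network being monitored.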

3. Exploiting Vulnerabilities

After uncovering system vulnerabilities (such as one tied to an open port), the hackers will run exploit code that takes advantage of the weaknesses.


To protect themselves, organizations can take a proactive security posture to seek out vulnerabilities and mitigate them before hackers can take action. They can deploy vulnerability management, which will regularly scan their systems for weaknesses such as zero-day threats. With SOCVue’s Vulnerability Management service, qualified professionals will prioritize and analyze the vulnerabilities, and then provide remediation guidance so that the in-house IT team can take the most effective defensive measures.

4. Delivering Payload

Now that the hackers have exploited the network, their next step is to deliver the payload. They might do so by uploading malware, hijacking servers, or taking over internal user accounts. By this stage, the hackers have intruded into their target's system, and are making sure they can access the valuable data they are seeking.

5. Extracting Data

Finally, hackers will download the data they were seeking, whether that’s credit card information, medical records, intellectual property, or something else. Good network security monitoring can pick up on this unusual traffic—but with strong cyber defenses, such as SOCVue, hackers won’t be able to get this far.


Organizations that take a proactive security stance, including discovering and fixing weaknesses before hackers can find them, will be far better protected against a data breach like this.


More and more, organizations that were previously understaffed, underbudgeted, and overwhelmed are finding that EiQ’s hybrid SaaS security services, which combine the best people, process, and technology, are a welcome change from going it alone. EiQ is transforming how mid-market organizations build enterprise-class security programs. Acting as an extension of our customers’ IT teams, EiQ’s SOCVue provides continuous security operations based on best-of-breed technology at a fraction of the cost of alternative solutions. EiQ is a trusted advisor to organizations that need to improve their IT security and compliance posture by protecting their infrastructure against cyber threats and vulnerabilities. To learn more, please request a demo today!

