What is the difference between data leak and data breach? Could you give an example of what the insider threat would be for a data leak and a data breach?
Reading the section "Who Causes Data breaches" on Kaspersky page I think I understand, but please help me with examples.
"Breach" has a specific meaning: existing controls were somehow broken or bypassed. This could have been accidental or malicious. Outside or inside people could breach controls. Hackers who manipulate a system to gain access to data they are not authorised to access is a data breach, as is an employee going against policy/procedure which exposes data.
"Leak" is a more general term and simply refers to the outcome that data was made available to unauthorised people. This could have been caused by a breach (broken or bypassed controls) or through other means. If there was no control in place, then unauthorised access is merely a "leak".
In my understanding, these two words breach and leak are used interchangeably in the security and privacy ecosystem. Professionals or researchers commonly use these words in their communication. Henceforth information/data breach or information/data leak means the information is accessible to an unauthorized or the confidentiality of the data is lost.
It is more important to understand other terms like events, incidents, and breaches.
Event: any observable happening, occurrence, or change in the normal state of a network, service, or system.
Incident: any event which leads to the compromise of confidentiality, integrity, and availability or violation of organization implemented controls (administrative, technical and physical)
Breach: A breach is, generally, unauthorized use or disclosure of protected health information (PHI), personally identifiable information (PII), Sensitive Information, etc.
A breach will always be an incident, while the incident doesn't need to be a breach.
Different security and privacy frameworks like ISO 27001, HIPAA, NIST, PCI-DSS, etc. have defined these terms.
**"Breach"** - Open Port to Data
**"Leak"** - Downloaded Unknowingly and others have access.
**or** (the answer angruement!)
**"Breach"** - Internet
**"Leak"** - Physical
example of what the insider threat would be for a data leak and a data breach a.hacker pheaker wifi scanned the card info - leak
b. mysql-injected page is in google cache of customer info thru shopping card - breach
Even though I think they also mean the same thing. Because many real life Leak-Breaches are done with physical and internet.
some more examples.
c. linux server gets root kitted but no data is stolen, its a breach but no data was 'known' to be leaked. So its unfair to say in Leaks and Breaches weather the value 'known' is every correct.
d. linux server gets targeted root kitted and email,database from particulur customer is downloaded and sold.
e. linux servers get all data downloaded, and cloud stored by hackers. Breach and Leak but unknown if leak will be used. ( but maliously add data is vularable.)
Breach Happens, Then Unknowingly leak maybe Happens, -> Then unknown does data get used for malious?
f.The Breach was because the webserver had inscure wordpress plugins that allowed the mysql injection that caused the Leak.
