What is an Information Security Incident?
An information security incident occurs when someone without authorisation gains access to data, possibly with malicious intent. This could happen due to weak computer security, improperly disposed of documents, lost mobile devices, and so on. Information security incidents or 'data breaches' can result in considerable financial and reputational damage for organisations and/or members of staff.
Organisations can mitigate the risk of a data breach by preparing themselves and their staff to spot risks and red flags and report them accordingly to the right authority. Employees should also be briefed in information security best practice so they feel empowered when it comes to keeping personal information safe.
When a Threat Becomes an Incident
A threat refers to anything that has the potential to disrupt information systems and processes; we can also think of threats as 'security risks'. Given enough time and the right circumstances, these risks can result in a data breach. That's why security threats should be audited regularly and, as much as possible, mitigated.
The moment a cybercriminal locates a vulnerability in your system and exploits it to gain unauthorised access to systems and networks, a security incident has occurred. In many cases, incidents like this must be reported to the ICO within 72 hours and the people who may be impacted by the breach must be informed. Incidents may vary, but can include hackers sending or uploading malware to your organisation's systems, attempting phishing scams through email, or infiltrating systems through man-in-the-middle attacks. In all these cases and more, all that is needed is one weak link in the information security chain to allow exploitation.
A threat can become an incident as quickly as an employee innocently clicking on a link they've been sent that looks important or interesting. Coming from an unknown source, this link could cause malware to be downloaded to the device and then spread throughout the entire organisation's network, all before you know it's happened. It is the responsibility of everyone to remain vigilant to the speed and efficacy of such attacks and, even if the sender is known, stop and think before opening attachments or giving away confidential information.
The Ethereum attack is an example of just how fast an incident can take shape. The Ethereum network became the victim of a very slick, technically proficient attack that resulted in losses equating to just under $40 million (around £30.2 million). What was so shocking about this case was that the heist happened in a matter of minutes, showing that huge amounts of information and money can be lost before you even know it – and all due to one critical flaw in the network's design.