We live in a data-centric world where data holds the utmost importance. A person's life can be summed up through the data that belongs to them. From identity to finance to even health, our data needs the best possible protection. But as our dependency on data grows, that data becomes a more attractive target for malicious activity, and one of the most prevalent forms is data theft.

What is data theft?

Data theft occurs when your organization's sensitive data is exposed to unauthorized access with malicious intent. A data breach can be carried out either by an individual or by a group of cybercriminals looking to leverage your critical information to demand a ransom. Whether it is your personal information, health-related data, or financial information, the results of a data breach can be devastating. The cybercriminal can use that data to impersonate you or misuse it in other ways, but the scenario that has become extremely frequent is a ransom demand. Data theft followed by a ransom note is becoming extremely popular in the world of cybercrime.

Reasons for a data breach

A study by Intel Security found that 80% of SMEs don't use any data protection plan, which is why they are the most susceptible to data theft and, in turn, blackmail. The reasons below explain why data breaches have become so common in today's data-driven world.


  1. Malware: Users are targeted by cybercriminals' phishing attacks, either through email or while connected to a public network. These attacks lead to malware being installed on your system, which endangers your sensitive information. Malware is malicious software that can, among other things, erase critical data.
  2. Old security measures: The world of cybercrime is growing exponentially and becoming more advanced by the minute. Old security measures and software are not equipped to identify, let alone handle, modern cybercrime techniques.
  3. Manual error: Weak passwords or exposure of critical information to an unauthorized person is the most common reason for data theft.
  4. Indirect attacks: If your organization has small business partners, chances are that a hacker can target those partners to ultimately get to your data. This is mainly because the security protocols and infrastructure of small businesses are not as robust as those of a large business.


Steps to take in a data breach

When a data breach is identified, consider the following questions before taking any steps:


  • Which data has been exposed to the cybercriminal?
  • Where is that data stored?
  • What are the possible ways the breach could have happened?
  • What can be the outcomes of the breach?
  • Is the data actually stolen?
  • Is any other data exposed to hackers?


Once you have answered these questions, focus on the following steps:


1.    Contain the damage

If you have identified a data breach, panicking is not going to help. Before you figure out anything else, you need to stop the breach from spreading. How you do that depends entirely on the type of breach and the data that has been exposed. Your options range from isolating a specific department to shutting down accounts or isolating the affected systems to control the breach.


2.    Assessment

Identify the potential damage that could be caused with the stolen data. Define the sensitivity of the data and its probable misuse. You need to determine whether the data can be restored. Another point to consider is whether the hacker can even use the information without any additional insight.


3.    Check your security

Regular security audits ensure that your organization is safe from any external threats. Even if a data theft has already occurred, having a security audit is a preferred practice. It allows you to assess the vulnerabilities of your system and reinforces the infrastructure. There are many areas which are often overlooked, and a security audit can help you identify them. It covers network and server systems, IP blocks, open ports, rDNS records, infrastructure, and system administration.
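One way to automate two of the audit areas named above, open ports and rDNS records (an added example, not part of the original article). The `ss`-style listing, the approved-port baseline, the IP block and the DNS records are all constructed sample data; in a real audit they would come from your own hosts and DNS.

```python
import ipaddress

# Constructed sample in the shape of `ss -tlnH` output from one server.
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""
APPROVED_PORTS = {22, 443}  # assumed baseline of services meant to be reachable

# Constructed DNS data for an assumed IP block (documentation address range).
PTR = {"203.0.113.1": "mail.example.com", "203.0.113.2": "old-vpn.example.com"}
FORWARD = {"mail.example.com": {"203.0.113.1"},
           "old-vpn.example.com": {"203.0.113.9"}}

def parse_listeners(ss_text):
    """Return (address, port) pairs from the local-address column."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        # Drop IPv6 brackets and any interface scope such as "%lo".
        listeners.append((addr.strip("[]").split("%")[0], int(port)))
    return listeners

def unexpected_ports(listeners, approved):
    """Ports bound to a non-loopback address that the baseline does not allow."""
    exposed = {port for addr, port in listeners
               if addr == "*" or not ipaddress.ip_address(addr).is_loopback}
    return sorted(exposed - approved)

def rdns_findings(ip_block, ptr, forward):
    """Flag addresses with no PTR, or whose PTR name does not resolve back."""
    findings = {}
    for ip in map(str, ipaddress.ip_network(ip_block).hosts()):
        name = ptr.get(ip)
        if name is None:
            findings[ip] = "no PTR record"
        elif ip not in forward.get(name, set()):
            findings[ip] = f"PTR {name} does not resolve back"
    return findings

if __name__ == "__main__":
    print("unexpected open ports:", unexpected_ports(parse_listeners(SS_OUTPUT), APPROVED_PORTS))
    print("rDNS findings:", rdns_findings("203.0.113.0/30", PTR, FORWARD))
```

The database port bound only to 127.0.0.1 is not reported, while the listener on 5900 and the stale PTR record are the kind of overlooked items the audit is meant to surface.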


4.    Notify the end-users

If the exposed data belongs to your customers, you have to notify them. Even if it affects your business, notifying them helps protect your reputation and also protects you from potential lawsuits, as there are regulations on notifying the affected individuals.


5.    Future steps

It’s never too late to think about the future. A data breach means that your existing security protocols need improvement. To ensure that your data is safe in the future, you should make the necessary changes.


Preventing the data breach

Prevention is always better than cure. While a data breach is an unexpected catastrophe, it can be prevented in the future. For this, you can perform the following steps:


  • Provide regular security and privacy training to your employees.
  • Encourage the use of strong passwords in the company.
  • Use security software to protect your data.
  • Add multiple authorization levels to restrict access to sensitive data.
  • Encryption and multi-factor authentication should be incorporated.
  • A breach recovery plan and policies should be in place.



Your decision to pay a ransom is exactly that – your decision. A data theft means that your data is already in the hands of a criminal. The fact that he is asking for a ransom clearly indicates that his integrity and ethics cannot be trusted. There is no guarantee that the cybercriminal will not ask for more money, or that he won’t leak the data even if he gets your money, which is why most organizations choose not to pay the ransom. Therefore, the best practice is to follow the control measures, contain the situation, and follow your security protocol.


However, some organizations are comfortable paying the ransom because the amount does not outweigh the potential loss. So, depending on how sensitive your data is and its impact on your organization, you can choose to take a chance. After all, the possibility of a better future is intriguing. But whatever the ransom note says, one thing is certain: your data has been exposed.