Breach vs. Incident: What’s the difference?
By Nick McCourt & Haley Clark
For outsiders, using these terms as synonyms can cause confusion. If those outsiders are working on Incident Response, even more so! Of course, Incident Response is a situation where you don’t want confusion — so we thought we would clear things up.
Incident: Definition and example
An incident is any event outside of normal operations that interferes with, or disrupts, processes necessary to organizational operations.
An example: You get a verification code from Duo that you didn’t request. Or, you lost your laptop and cannot find it.
Breach: Definition and example
A breach is any incident that results in loss or unauthorized access to an organization’s network, data, applications, or devices.
An example: After a successful phishing attack, your organization is hacked, and sensitive information is released.
Breaches are a subset of incidents
A breach is a subset of an incident. You can think of cybersecurity incidents as a big circle of various incidents, with breaches forming a smaller circle inside of incidents.
Why does this matter? An example
Most organizations will disclose a breach to the public, but they may not be required to disclose an incident. For example, this distinction is relevant to organizations keeping HIPAA in mind. Before healthcare organizations say they have a breach, they should ensure that it really is a breach and not just an incident. Doing so can protect your organization and prevent a great deal of hardship. (And organizations might not have to disclose a breach either — if it’s found that the breach was not harmful to those affected. For example, this is part of data breach law in several states like Arkansas. Good to know, both as a business and a consumer.)
Thinking about an Incident Response plan?
Now that you know the difference, you might be thinking about your own Incident Response plan. What is your strategy for an incident? What are your steps to mitigate incidents? What will you do if your company ever faces a breach? Domain Technology Partners can help. We’ve developed Incident Response plans for a wide variety of organizations — from small startups to organizations with industry regulations. Get in touch today and we’ll start to develop a plan that works for you.
We do IT differently.
Find out what sets us apart from all the other IT companies out there.
By Jed FearonManaged service providers and managed security service providers are frequently confused. A managed service provider (MSP) is not the same as a managed security services provider (MSSP). While the MSP may effectively function as an MSSP for a small and...
By Jed FearonThe biggest IT problems are the ones you don’t know exist. Organizing your business enabling technology into simple buckets is one of the best ways to track, score, report, and collaborate with your MSP. While the IT world is filled with much more...
Disasters come in various forms,including floods, tornadoes, hurricanes, and fires. Did you ever imagine that a disaster could materialize because of a virus? The COVID-19 pandemic rocked everyone’s perception of nearly everything, including disaster recovery and...