What’s the Difference Between a Security Incident and a Breach?

Cybersecurity is an important subject for a business’ entire team to appreciate, particularly when it comes to the minute differences between different terms. For instance, a layperson might hear “breach” and automatically think “security incident.” While this technically isn’t incorrect, per se, the two terms aren’t really synonymous.

Let’s take a few moments to dive into the minutiae and define these two terms more clearly.

Let’s begin by establishing the real definitions of “data breach” and “security incident.”

What is a “Data Breach?”

In no uncertain terms, a breach happens when some of your business’ data is somehow accessed by someone outside of your organization through their own specific efforts to do so, Trend Micro defines it as “an incident wherein information is stolen or taken from a system without the knowledge or authorization of the system's owner.”

Basically, a breach is when a business’ stored data is accessed by an unauthorized user—which means that, technically speaking, a data breach isn’t an inherently malicious thing.

What is a “Security Incident?”

A security incident is the term given to any violation of established security policies regarding a business’ technology, at any scale. Again, a security incident isn’t inherently malicious, but should still be seen as a potential threat to an organization’s security and compliance.

As a blanket term, “security incident” covers a wide range of circumstances, including:

• Malware infection
• Spam hitting an inbox
• Physical access to IT equipment and infrastructure
• A Distributed Denial of Service (DDoS) attack
• Portable storage being misused
• A brute force attack enabling network access

…I think you get the picture.

Security incidents are commonly delineated by their severity: how serious the incident is, and how much of a company’s collective attention will need to be paid to resolve them. Serious incidents—things like data breaches, DDoS (Distributed Denial of Service) attacks, and advanced persistent threats (APTs)—are all high-priority security incidents, whereas things like a malware infection or someone accessing data without authorization would be considered of medium priority. Low-priority incidents would be things like false alarms.

Isn’t This Just a Difference in Semantics?

Technically speaking, yes… however, it is an important difference to stay cognizant of. After all, clarity is going to be important if you do face a security incident as to what kind of incident it is, and what needs to be done to resolve it. Encouraging your team members to familiarize themselves with the various warning signs that something is wrong gives you an increased chance of someone spotting an issue. In turn, this gives you the opportunity to catch and resolve a threat before it materializes into a real security incident—breach or otherwise.

We Can Help You Prevent Threats from Getting That Far

User awareness is a key component of any business’ security, for certain, but the trick is that it is only one component of it… one of many. CoreTech is here to help you attend to the rest of them. Give us a call at (270) 282-4926 to find out more about the security services we offer.