Vulnerabilities / Threats

11/8/2017
03:52 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Data Breach Record Exposure Up 305% from 2016

There have been 3,833 publicly disclosed data breaches in the first nine months of 2017, exposing more than seven billion records.

The Equifax and Yahoo incidents eclipsed news of the other 1,465 breaches reported in Q3 but shouldn't diminish the importance of the 3,833 total breaches reported in the first nine months of this year, which exposed more than 7 billion records.

Risk Based Security disclosed its latest analysis of this year's breaches, including the most recent quarter, in its Q3 2017 Data Breach QuickView Report released today.

The pace of breach disclosures began to steadily grow in July 2017, peaking in September with more than 600 breaches reported for the month. Compared to the first nine months of 2016, the number of reported breaches in 2017 is up 18.2%; the number of exposed records up 305%.

Five incidents from this year are among the top 10 largest breaches of all time and, combined, exposed about 78.5% of all exposed records to date. The Equifax incident leads the pack as the most severe breach of both Q3 and 2017.

"Equifax made a lot of headlines for a lot of good reasons," says Inga Goddijn, Executive Vice President for Risk Based Security. "It's horrible in terms of the amount of data lost -- 145 million records is a mega breach by any measure … but really the breach response, in a number of textbook ways, is how not to handle a breach response; how to make a bad situation worse."

If not for Equifax, there are several other major breaches which would have stolen the spotlight. Goddijn points out the compromised version of Avast CCleaner, as well as payment card breaches at Whole Foods and Sonic, which also hit the news cycle in September.

They're after your credentials

There is a "number of factors" driving the number of breaches in 2017, she continues, but a key reason is failure to recognize the value of personal data on the black market.

"Really, the underlying driving cause is that data has value, and it has a monetary value, and so often we have a tendency to lose sight of that," Goddijn explains. "At the leadership level, that recognition hasn't taken hold as far as we would like to see it."

Researchers noticed an uptick in leaks targeting credentials for popular streaming services. Access credentials in the form of email addresses and passwords are the two most compromised data types, at 44.3% and 40%, respectively.

There's so much data floating around on the Web, it's common for attackers to grab leaked information and test stolen credentials on various websites. Access credentials tend to last longer than financial data, which has a shorter shelf life, Goddijn notes.

"Things like credit card numbers, even bank account numbers, can be changed. The data is only good for so long," she says. "People have a tendency not to change passwords unless they have to, and they use the same password for different services."

Most breaches are caused by hacking: there were 1997 hacking events, exposing 2.7 billion records, in the first nine months of 2017. There were fewer Web breaches, at 206 incidents, but they caused far more damage with a total of 4.8 billion records exposed.

Silver lining and steps forward

Data indicates we're still seeing mega breaches and data leaks but some trends are starting to shift. The severity of breaches skewed lower this particular quarter, Goddijn points out.

During Q3 there were more breaches exposing between 1 and 100 records, indicating lower severity. Fewer breaches exposed Social Security numbers and other high-value data, which drove down breach severity scores. Goddijn calls this a "good trend to see" and hopes the rest of 2017 will follow suit.

However, the outlook won't be quite as sunny if security teams don't step up their game.

"One of the bigger factors, where organizations fall short, is not making security a part of their ordinary everyday operations," she says. "Security has to be an ongoing process. It's not just 'Hey we got a new firewall,' or 'Look, we got a new antivirus system.'"

While these are important, it's also important to think about the business and how all activity affects security. How are new employees onboarded? How can you control their application access? When they leave, do you have a process to take away their access?

"Too often, management fails to recognize the need to build out those processes," Goddijn explains. This failure can drive vulnerabilities and insider threats, both malicious and accidental.

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20050
PUBLISHED: 2018-12-10
Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method.
CVE-2018-20051
PUBLISHED: 2018-12-10
Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on.
CVE-2018-20029
PUBLISHED: 2018-12-10
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
CVE-2018-1279
PUBLISHED: 2018-12-10
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on ...
CVE-2018-15800
PUBLISHED: 2018-12-10
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.