Breach Data Highlights a Pivot to Orgs Over Individuals

In 2020, breaches were down by 19%, while the impact of those compromises -- measured in people affected -- fell by nearly two-thirds.

Both the number of data breaches and the number of individuals affected by data breaches plummeted in 2020, as attackers moved away from collecting mass amounts of information and instead targeted user credentials as a way to infiltrate corporate networks to install ransomware.

That's according to a new report, out Jan. 28 from the Identity Theft Resource Center, which estimates that more than 300 million individuals were affected by data breaches in 2020, a large number but a drop of 66% from the previous year. In addition, the number of reported data breaches fell to 1,108, a decline of 19% from 2019.

Because more than half of workers shifted to remote work during the year, many expected data breaches to increase, but instead cybercriminals became more focused, says James Lee, chief operating officer of the ITRC.

"What has happened is that threat actors are not as interested in mass data collection," he says. "The data breaches that do occur are not about 'hoovering' up everything in sight, as they were five and ten years ago. Now they are very targeted and very strategic."

The top findings of the breach report reflect two major economic trends. As companies shifted to a remote workforce due to the pandemic, more than half of workers moved to working from home. The shift made credentials an even more valuable commodity for hackers, as valid credentials could be used to infiltrate a business.

And what to do with credentials? Cybercriminals continued to double down on ransomware, attacking companies, encrypting and exfiltrating sensitive data, and demanding payment for the keys to the data, in a one-two punch known as "double extortion."

"What [cybercriminals] are really looking for, and this is reflected in the value you see in the identity marketplace, … is credentials," Lee says. "They know that most people reuse passwords, so even a personal compromise, they know, can lead them to a corporate setting, the ability to get into a company."

Both the number of breaches and the number of people affected are down significantly from the highs of the past five years. In 2017, the number of annual reported breaches hit a high of 1,631 incidents, 47% more than in 2020. In 2016, the number of individuals affected by data breaches spiked, reaching 2.5 billion, more than seven times higher than in 2020.

Unlike other data breach reports, the ITRC's report does not use the number of records exposed as a measure of impact. A report released earlier this month by Risk Based Security also saw breaches decline but noted that the number of exposed records increased, mainly due to large databases left accessible online.

Phishing — including business email compromise, a form of spear-phishing — topped the list of data breach causes, accounting for 382, or 44%, of data breaches. The second major cause is ransomware, accounting for 158 breaches or 18%, followed by malware with 104 breaches or 12% of the total.

Companies' focus on security — and the lessons that past breaches have provided — is likely one reason that breaches have declined, says ITRC's Lee.

"You look at an Equifax, you look at a Target, you look at all these companies, and the pain that they have gone through to come out on the other side as stronger organizations — it is a very painful process," he says. "People look at that and say I don't want that to happen to me, so there is a lot of practices and security tools they put in place."

Yet attackers have started to adapt as well. Supply chain attacks have become more popular, with more than 668 companies affected by attacks on third-party providers, according to the report.

Data breaches affecting individuals continued to prioritize sensitive data, such as Social Security numbers, personal health information, and credentials, with 558, 407, and 231 data breaches including those types of data, respectively, according to the report.

In a worrisome trend, the US government is reducing the support for identity-theft victim assistance; in fact, no federal funds have been specifically reserved for such assistance in the current fiscal year, according to the report. 

"The US government has been the primary source of funding for victim assistance offered by the ITRC and other non-profit organizations as well as state and local government agencies," the report states. "Those funds are steadily being reduced."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...
