Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

1/28/2021
11:35 AM
50%
50%

Breach Data Highlights a Pivot to Orgs Over Individuals

In 2020, breaches were down by 19%, while the impact of those compromises -- measured in people affected -- fell by nearly two-thirds.

Both the number of data breaches and the number of individuals affected by data breaches plummeted in 2020, as attackers moved away from collecting mass amounts of information and instead targeted user credentials as a way to infiltrate corporate networks to install ransomware.

That's according to a new report, out Jan. 28 from the Identity Theft Resource Center, which estimates that more than 300 million individuals were affected by data breaches in 2020, a large number but a drop of 66% over the previous year. In addition, the number of reported data breaches fell to 1,108, a decline of 19% over 2019.

Because more than half of workers shifted to remote work during the year, many expected data breaches to increase, but instead cybercriminals became more focused, says James Lee, chief operating officer of the ITRC.

Related Content:

Breach Data Shows Attackers Switched Gears in 2020

Special Report: 2021 Top Enterprise IT Trends

New From The Edge: Building Your Personal Privacy Risk Tolerance Profile

"What has happened is that threat actors are not as interested in mass data collection," he says. "The data breaches that do occur are not about 'hoovering' up everything in sight, as they were five and ten years ago. Now they are very targeted and very strategic."

The top findings of the breach report reflect two major economic trends. As companies shifted to a remote workforce due to the pandemic, more than half of workers moved to working from home. The shift made credentials an even more valuable commodity for hackers, as valid credentials could be used to infiltrate a business.

And what to do with credentials? Cybercriminals continued to double down on ransomware, attacking companies, encrypting and exfiltrating sensitive data, and demanding payment for the keys to the data, in a one-two punch known as "double extortion."

"What [cybercriminals] are really looking for, and this is reflected in the value you see in the identity marketplace, … is credentials," Lee says. "They know that most people reuse passwords, so even a personal compromise, they know, can lead them to a corporate setting, the ability to get into a company."

Both the number of breaches and the number of people affected are down significantly from the highs of the past five years. In 2017, the number of annual reported breaches hit a high of 1,631 incidents, 47% more than in 2020. In 2016, the number of individuals affected by data breaches spiked, reaching 2.5 billion, more than seven times higher than in 2020.

Unlike other data breach reports, the ITRC does not use the number of records exposed as a measure of impact. A report released earlier this month by Risk Based Security also saw breaches decline but noted that the number of exposed records increased, mainly due to large databases left accessible online.

Phishing — including business email compromise, a form of spear-phishing — topped the list of data breach causes, accounting for 382, or 44%, of data breaches. The second major cause is ransomware, accounting for 158 breaches or 18%, followed by malware with 104 breaches or 12% of the total.

Companies' focus on security — and the lessons that past breaches have provided — is likely one reason that breaches have declined, says ITRC's Lee.

"You look at an Equifax, you look at a Target, you look at all these companies, and the pain that they have gone through to come out on the other side as stronger organizations — it is a very painful process," he says. "People look at that and say I don't want that to happen to me, so there is a lot of practices and security tools they put in place."

Yet attackers have started to adapt as well. Supply chain attacks have become more popular, with more than 668 companies affected by attacks on third-party providers, according to the report.

Data breaches affecting individuals continued to prioritize sensitive data, such as Social Security numbers, personal health information, and credentials, with 558, 407, and 231 data breaches including those types of data, respectively, according to the report.

In a worrisome trend, the US government is reducing the support for identity-theft victim assistance; in fact, no federal funds have been specifically reserved for such assistance in the current fiscal year, according to the report. 

"The US government has been the primary source of funding for victim assistance offered by the ITRC and other non-profit organizations as well as state and local government agencies," the report states. "Those funds are steadily being reduced."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32077
PUBLISHED: 2021-05-06
Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search se...
CVE-2020-23263
PUBLISHED: 2021-05-06
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add.
CVE-2020-23264
PUBLISHED: 2021-05-06
Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators.
CVE-2021-27941
PUBLISHED: 2021-05-06
Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the...
CVE-2021-29203
PUBLISHED: 2021-05-06
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gai...