Dark Reading is part of the Informa Tech Division of Informa PLC


5/11/2020
04:10 PM

Data Breaches Declined in Q1 2020 Over Q1 2019 -- Or Did They?

Numbers are down, but that may only be because organizations have been too busy fighting COVID-19-related cyberthreats to notice compromises, Risk Based Security says.

The biggest news on the data breach front from last quarter was not how many of them there were, but how few.

Seemingly contrary to what all the reports about heightened threat activity related to COVID-19 have suggested, the number of publicly disclosed data breaches in Q1 2020 — 1,196 — was the lowest for the first quarter since 2016, according to new data from Risk Based Security.

That number represents a massive 58% decline from the 2,842 data breaches that were publicly disclosed in Q1 2019. It is also somewhat lower than the 1,244 reported breaches in Q1 2018 and 1,454 breaches in Q1 2017.

But as encouraging as the Q1 2020 data might appear, it does not necessarily suggest a decline in breach activity, Risk Based Security says in a report this week. 

Rather, the disruption triggered by the COVID-19 pandemic might simply have resulted in a decline in the number of breach disclosures. It is quite possible that many companies have not discovered breaches that happened in the first three months of this year because of all the turmoil caused by the response to the pandemic, the security vendor said.

The apparently huge decrease in breach disclosures from Q1 2019 to Q1 2020 is also somewhat misleading. Threat activity in the first quarter of 2019 was unusually high, resulting in a sharp spike in breach disclosures. When this year's numbers are compared with Q1 2018 and Q1 2017, the decline is less dramatic.

"Because of the disruption triggered by COVID-19, we suspect there are more events occurring that have yet to be discovered," says Inga Goddijn, executive vice president at Risk Based Security.

According to Goddijn, the number of breaches in 2020 will end up being quite high and is quite likely to make it another "worst year on record."

"The sudden shift to remote working and the introduction of new tools that comes along with that, coupled with the stress and distraction created by the pandemic, creates a lot of opportunity for things to go wrong," Goddijn says.

Massive Increase in Records Exposed
Risk Based Security's analysis shows that while the number of breaches last quarter declined compared with Q1 2019, the number of records exposed surged dramatically. An unprecedented 8.4 billion records — everything from email addresses and passwords to Social Security numbers, credit card data, and health information — were exposed in Q1 2020, representing a 273% increase over Q1 last year.

As in previous quarters, though, a handful of breaches — just 11 — contributed to a vast proportion of exposed records. One breach, involving a misconfigured ElasticSearch cluster, alone accounted for over 5.1 billion compromised records in Q1 2020.

Risk Based Security discovered that, excluding these mega breaches, most incidents — 68% — involved fewer than 1,000 records.

"This indicates that most breaches are far less extreme than casual observations of other reports might suggest," the vendor noted in its report.

Once again, although hacking and other incidents of unauthorized access handily outnumbered Web-related data exposures, far more records were exposed in the latter in Q1 2020. Risk Based Security found that an average of 850,000 records were compromised per breach where hacking was involved. In comparison, Web disclosures averaged over 106 million records per breach.

"The Web category includes entire databases left unsecured and openly accessible," Goddijn says. "In contrast, malicious outsider activity is often more targeted toward specific data sets or transactions like payment data or credit card transactions."

Besides hacking and Web exposures, other, somewhat less frequent, causes for data breaches included viruses and malware and card-/data-skimming attacks.

A total of 154 of the 1,196 data breaches that were disclosed last quarter were insider-related, and 23 of them involved malicious insiders. Though relatively rare, these insider incidents caused considerable damage. In one incident, malicious insiders stole proprietary coating technology from Eastman Chemical, and another incident involved the theft of marketing research and customer lists from Hershey.

The key takeaway from last quarter's breach data is that investment in security is more important than ever, Goddijn says.

"Malicious actors thrive during crises at the same time the likelihood of missteps increases," she says. "It's a tricky combination to navigate, making security all the more critical during the year."

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
 
