
5/11/2020
04:10 PM

Data Breaches Declined in Q1 2020 Over Q1 2019 -- Or Did They?

Numbers are down, but that may only be because organizations have been too busy fighting COVID-19-related cyberthreats to notice compromises, Risk Based Security says.

The biggest news on the data breach front from last quarter was not how many of them there were, but how few.

Seemingly contrary to what all the reports about heightened threat activity related to COVID-19 have suggested, the number of publicly disclosed data breaches in Q1 2020 — 1,196 — was the lowest for the first quarter since 2016, according to new data from Risk Based Security.

That number represents a massive 58% decline from the 2,842 data breaches that were publicly disclosed in Q1 2019. It is also somewhat lower than the 1,244 reported breaches in Q1 2018 and 1,454 breaches in Q1 2017.

But as encouraging as the Q1 2020 data might appear, it does not necessarily suggest a decline in breach activity, Risk Based Security says in a report this week. 

Rather, the disruption triggered by the COVID-19 pandemic might simply have resulted in a decline in the number of breach disclosures. It is quite possible that many companies have not discovered breaches that happened in the first three months of this year because of all the turmoil caused by the response to the pandemic, the security vendor said.

The apparently huge decrease in breach disclosures in Q1 2019 versus Q1 2020 is also somewhat misleading. Threat activity in the first quarter of 2019 was unusually high, resulting in a sharp spike in breach disclosures. When this year's numbers are compared with Q1 2018 and Q1 2017, the decline is less dramatic.

"Because of the disruption triggered by COVID-19, we suspect there are more events occurring that have yet to be discovered," says Inga Goddijn, executive vice president at Risk Based Security.

According to Goddijn, the number of breaches in 2020 will end up being quite high and is quite likely to make it another "worst year on record."

"The sudden shift to remote working and the introduction of new tools that comes along with that, coupled with the stress and distraction created by the pandemic, creates a lot of opportunity for things to go wrong," Goddijn says.

Massive Increase in Records Exposed
Risk Based Security's analysis shows that while the number of breaches last quarter declined compared with Q1 2019, the number of records exposed surged dramatically. An unprecedented 8.4 billion records — everything from email addresses and passwords to Social Security numbers, credit card data, and health information — were exposed in Q1 2020, representing a 273% increase over Q1 last year.

As in previous quarters, though, a handful of breaches — just 11 — contributed to a vast proportion of exposed records. One breach, involving a misconfigured ElasticSearch cluster, alone accounted for over 5.1 billion compromised records in Q1 2020.

Risk Based Security discovered that, excluding these mega breaches, most incidents (68%) involved fewer than 1,000 records.

"This indicates that most breaches are far less extreme than casual observations of other reports might suggest," the vendor noted in its report.

Once again, although hacking and other incidents of unauthorized access handily outnumbered Web-related data exposures, far more records were exposed in the latter in Q1 2020. Risk Based Security found that an average of 850,000 records were compromised per breach where hacking was involved. In comparison, Web disclosures averaged over 106 million records per breach.

"The Web category includes entire databases left unsecured and openly accessible," Goddijn says. "In contrast, malicious outsider activity is often more targeted toward specific data sets or transactions like payment data or credit card transactions."

Besides hacking and Web exposures, other, somewhat less frequent, causes of data breaches included viruses and malware and card-/data-skimming attacks.

A total of 154 of the 1,196 data breaches that were disclosed last quarter were insider-related, and 23 of them involved malicious insiders. Though relatively rare, these insider incidents caused considerable damage. In one incident, malicious insiders stole proprietary coating technology from Eastman Chemical, and another incident involved the theft of marketing research and customer lists from Hershey.

The key takeaway from last quarter's breach data is that investment in security is more important than ever, Goddijn says.

"Malicious actors thrive during crises at the same time the likelihood of missteps increases," she says. "It's a tricky combination to navigate, making security all the more critical during the year."

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
 
