Dark Reading is part of the Informa Tech Division of Informa PLC


5/11/2020
04:10 PM

Data Breaches Declined in Q1 2020 Over Q1 2019 -- Or Did They?

Numbers are down, but that may only be because organizations have been too busy fighting COVID-19-related cyberthreats to notice compromises, Risk Based Security says.

The biggest news on the data breach front from last quarter was not how many of them there were, but how few.

Seemingly contrary to what all the reports about heightened threat activity related to COVID-19 have suggested, the number of publicly disclosed data breaches in Q1 2020 — 1,196 — was the lowest for the first quarter since 2016, according to new data from Risk Based Security.

That number represents a massive 58% decline from the 2,842 data breaches that were publicly disclosed in Q1 2019. It is also somewhat lower than the 1,244 reported breaches in Q1 2018 and 1,454 breaches in Q1 2017.

But as encouraging as the Q1 2020 data might appear, it does not necessarily suggest a decline in breach activity, Risk Based Security says in a report this week. 

Rather, the disruption triggered by the COVID-19 pandemic might simply have resulted in a decline in the number of breach disclosures. It is quite possible that many companies have not discovered breaches that happened in the first three months of this year because of all the turmoil caused by the response to the pandemic, the security vendor said.

The apparently huge decrease in breach disclosures in Q1 2019 versus Q1 2020 is also somewhat misleading. Threat activity in the first quarter of 2019 was unusually high, resulting in a sharp spike in breach disclosures. When this year's numbers are compared with Q1 2018 and Q1 2017, the decline is less dramatic.

"Because of the disruption triggered by COVID-19, we suspect there are more events occurring that have yet to be discovered," says Inga Goddijn, executive vice president at Risk Based Security.

According to Goddijn, the number of breaches in 2020 will end up being quite high and is quite likely to make it another "worst year on record."

"The sudden shift to remote working and the introduction of new tools that comes along with that, coupled with the stress and distraction created by the pandemic, creates a lot of opportunity for things to go wrong," Goddijn says.

Massive Increase in Records Exposed
Risk Based Security's analysis shows that while the number of breaches last quarter declined compared with Q1 2019, the number of records exposed surged dramatically. An unprecedented 8.4 billion records — everything from email addresses and passwords to Social Security numbers, credit card data, and health information — were exposed in Q1 2020, representing a 273% increase over Q1 last year.

As in previous quarters, though, a handful of breaches — just 11 — contributed to a vast proportion of exposed records. One breach, involving a misconfigured ElasticSearch cluster, alone accounted for over 5.1 billion compromised records in Q1 2020.

Risk Based Security discovered that, excluding these mega breaches, the majority of incidents (68%) involved fewer than 1,000 records.

"This indicates that most breaches are far less extreme than casual observations of other reports might suggest," the vendor noted in its report.

Once again, although hacking and other incidents of unauthorized access handily outnumbered Web-related data exposures, far more records were exposed in the latter in Q1 2020. Risk Based Security found that an average of 850,000 records were compromised per breach where hacking was involved. In comparison, Web disclosures averaged over 106 million records per breach.

"The Web category includes entire databases left unsecured and openly accessible," Goddijn says. "In contrast, malicious outsider activity is often more targeted toward specific data sets or transactions like payment data or credit card transactions."

Besides hacking and Web exposures, other, somewhat less frequent, causes of data breaches included viruses and malware and card-/data-skimming attacks.

A total of 154 of the 1,196 data breaches that were disclosed last quarter were insider-related, and 23 of them involved malicious insiders. Though relatively rare, these insider incidents caused considerable damage. In one incident, malicious insiders stole proprietary coating technology from Eastman Chemical, and another incident involved the theft of marketing research and customer lists from Hershey.

The key takeaway from last quarter's breach data is that investment in security is more important than ever, Goddijn says.

"Malicious actors thrive during crises at the same time the likelihood of missteps increases," she says. "It's a tricky combination to navigate, making security all the more critical during the year."


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
 
