The biggest news on the data breach front from last quarter was not how many of them there were, but how few.
Seemingly contrary to what all the reports about heightened threat activity related to COVID-19 have suggested, the number of publicly disclosed data breaches in Q1 2020 — 1,196 — was the lowest for the first quarter since 2016, according to new data from Risk Based Security.
That number represents a massive 58% decline from the 2,842 data breaches that were publicly disclosed in Q1 2019. It is also somewhat lower than the 1,244 reported breaches in Q1 2018 and 1,454 breaches in Q1 2017.
But as encouraging as the Q1 2020 data might appear, it does not necessarily suggest a decline in breach activity, Risk Based Security says in a report this week.
Rather, the disruption triggered by the COVID-19 pandemic might simply have resulted in a decline in the number of breach disclosures. It is quite possible that many companies have not discovered breaches that happened in the first three months of this year because of all the turmoil caused by the response to the pandemic, the security vendor said.
The apparently huge decrease in breach disclosures in Q1 2019 versus Q1 2020 is also somewhat misleading. Threat activity in the first quarter of 2019 was unusually high, resulting in a sharp spike in breach disclosures. When this year's numbers are compared with Q1 2018 and Q1 2017, the decline is less dramatic.
"Because of the disruption triggered by COVID-19, we suspect there are more events occurring that have yet to be discovered," says Inga Goddijn, executive vice president at Risk Based Security.
According to Goddijn, the number of breaches in 2020 will end up being quite high and quite likely to make it another "worst year on record."
"The sudden shift to remote working and the introduction of new tools that comes along with that, coupled with the stress and distraction created by the pandemic, creates a lot of opportunity for things to go wrong," Goddijn says.
Massive Increase in Records Exposed
Risk Based Security's analysis shows that while the number of breaches last quarter declined compared with Q1 2019, the number of records exposed surged dramatically. An unprecedented 8.4 billion records — everything from email addresses and passwords to Social Security numbers, credit card data, and health information — were exposed in Q1 2020, representing a 273% increase over Q1 last year.
As in previous quarters, though, a handful of breaches — just 11 — contributed to a vast proportion of exposed records. One breach, involving a misconfigured ElasticSearch cluster, alone accounted for over 5.1 billion compromised records in Q1 2020.
Risk Based Security discovered that, excluding these mega breaches, the vast number of incidents — 68% — involved less than 1,000 records.
"This indicates that most breaches are far less extreme than casual observations of other reports might suggest," the vendor noted in its report.
Once again, although hacking and other incidents of unauthorized access handily outnumbered Web-related data exposures, far more records were exposed in the latter in Q1 2020. Risk Based Security found than an average of 850,000 records were compromised per breach where hacking was involved. In comparison, Web disclosures averaged over 106 million records per breach.
"The Web category includes entire databases left unsecured and openly accessible," Goddijn says. "In contrast, malicious outsider activity is often more targeted toward specific data sets or transactions like payment data or credit card transactions."
Besides hacking and Web exposures, other – somewhat less frequent — causes for data breaches included viruses and malware and card-/data-skimming attacks.
A total of 154 of the 1,196 data breaches that were disclosed last quarter were insider-related, and 23 of them involved malicious insiders. Though relatively rare, these insider incidents caused considerable damage. In one incident, malicious insiders stole proprietary coating technology from Eastman Chemical, and another incident involved the theft of marketing research and customer lists from Hershey.
The key takeaway from last quarter's breach data is that investment in security is more important than ever, Goddijn says.
"Malicious actors thrive during crises at the same time the likelihood of missteps increases," she says. "It's a tricky combination to navigate, making security all the more critical during the year."
A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19.