Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11/8/2017
03:52 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Data Breach Record Exposure Up 305% from 2016

There have been 3,833 publicly disclosed data breaches in the first nine months of 2017, exposing more than seven billion records.

The Equifax and Yahoo incidents eclipsed news of the other 1,465 breaches reported in Q3 but shouldn't diminish the importance of the 3,833 total breaches reported in the first nine months of this year, which exposed more than 7 billion records.

Risk Based Security disclosed its latest analysis of this year's breaches, including the most recent quarter, in its Q3 2017 Data Breach QuickView Report released today.

The pace of breach disclosures began to steadily grow in July 2017, peaking in September with more than 600 breaches reported for the month. Compared to the first nine months of 2016, the number of reported breaches in 2017 is up 18.2%; the number of exposed records up 305%.

Five incidents from this year are among the top 10 largest breaches of all time and, combined, exposed about 78.5% of all exposed records to date. The Equifax incident leads the pack as the most severe breach of both Q3 and 2017.

"Equifax made a lot of headlines for a lot of good reasons," says Inga Goddijn, Executive Vice President for Risk Based Security. "It's horrible in terms of the amount of data lost -- 145 million records is a mega breach by any measure … but really the breach response, in a number of textbook ways, is how not to handle a breach response; how to make a bad situation worse."

If not for Equifax, there are several other major breaches which would have stolen the spotlight. Goddijn points out the compromised version of Avast CCleaner, as well as payment card breaches at Whole Foods and Sonic, which also hit the news cycle in September.

They're after your credentials

There is a "number of factors" driving the number of breaches in 2017, she continues, but a key reason is failure to recognize the value of personal data on the black market.

"Really, the underlying driving cause is that data has value, and it has a monetary value, and so often we have a tendency to lose sight of that," Goddijn explains. "At the leadership level, that recognition hasn't taken hold as far as we would like to see it."

Researchers noticed an uptick in leaks targeting credentials for popular streaming services. Access credentials in the form of email addresses and passwords are the two most compromised data types, at 44.3% and 40%, respectively.

There's so much data floating around on the Web, it's common for attackers to grab leaked information and test stolen credentials on various websites. Access credentials tend to last longer than financial data, which has a shorter shelf life, Goddijn notes.

"Things like credit card numbers, even bank account numbers, can be changed. The data is only good for so long," she says. "People have a tendency not to change passwords unless they have to, and they use the same password for different services."

Most breaches are caused by hacking: there were 1997 hacking events, exposing 2.7 billion records, in the first nine months of 2017. There were fewer Web breaches, at 206 incidents, but they caused far more damage with a total of 4.8 billion records exposed.

Silver lining and steps forward

Data indicates we're still seeing mega breaches and data leaks but some trends are starting to shift. The severity of breaches skewed lower this particular quarter, Goddijn points out.

During Q3 there were more breaches exposing between 1 and 100 records, indicating lower severity. Fewer breaches exposed Social Security numbers and other high-value data, which drove down breach severity scores. Goddijn calls this a "good trend to see" and hopes the rest of 2017 will follow suit.

However, the outlook won't be quite as sunny if security teams don't step up their game.

"One of the bigger factors, where organizations fall short, is not making security a part of their ordinary everyday operations," she says. "Security has to be an ongoing process. It's not just 'Hey we got a new firewall,' or 'Look, we got a new antivirus system.'"

While these are important, it's also important to think about the business and how all activity affects security. How are new employees onboarded? How can you control their application access? When they leave, do you have a process to take away their access?

"Too often, management fails to recognize the need to build out those processes," Goddijn explains. This failure can drive vulnerabilities and insider threats, both malicious and accidental.

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15864
PUBLISHED: 2021-01-17
An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page.
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...