Vulnerabilities / Threats
11/8/2017
03:52 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Data Breach Record Exposure Up 305% from 2016

There have been 3,833 publicly disclosed data breaches in the first nine months of 2017, exposing more than seven billion records.

The Equifax and Yahoo incidents eclipsed news of the other 1,465 breaches reported in Q3 but shouldn't diminish the importance of the 3,833 total breaches reported in the first nine months of this year, which exposed more than 7 billion records.

Risk Based Security disclosed its latest analysis of this year's breaches, including the most recent quarter, in its Q3 2017 Data Breach QuickView Report released today.

The pace of breach disclosures began to steadily grow in July 2017, peaking in September with more than 600 breaches reported for the month. Compared to the first nine months of 2016, the number of reported breaches in 2017 is up 18.2%; the number of exposed records up 305%.

Five incidents from this year are among the top 10 largest breaches of all time and, combined, exposed about 78.5% of all exposed records to date. The Equifax incident leads the pack as the most severe breach of both Q3 and 2017.

"Equifax made a lot of headlines for a lot of good reasons," says Inga Goddijn, Executive Vice President for Risk Based Security. "It's horrible in terms of the amount of data lost -- 145 million records is a mega breach by any measure … but really the breach response, in a number of textbook ways, is how not to handle a breach response; how to make a bad situation worse."

If not for Equifax, there are several other major breaches which would have stolen the spotlight. Goddijn points out the compromised version of Avast CCleaner, as well as payment card breaches at Whole Foods and Sonic, which also hit the news cycle in September.

They're after your credentials

There is a "number of factors" driving the number of breaches in 2017, she continues, but a key reason is failure to recognize the value of personal data on the black market.

"Really, the underlying driving cause is that data has value, and it has a monetary value, and so often we have a tendency to lose sight of that," Goddijn explains. "At the leadership level, that recognition hasn't taken hold as far as we would like to see it."

Researchers noticed an uptick in leaks targeting credentials for popular streaming services. Access credentials in the form of email addresses and passwords are the two most compromised data types, at 44.3% and 40%, respectively.

There's so much data floating around on the Web, it's common for attackers to grab leaked information and test stolen credentials on various websites. Access credentials tend to last longer than financial data, which has a shorter shelf life, Goddijn notes.

"Things like credit card numbers, even bank account numbers, can be changed. The data is only good for so long," she says. "People have a tendency not to change passwords unless they have to, and they use the same password for different services."

Most breaches are caused by hacking: there were 1997 hacking events, exposing 2.7 billion records, in the first nine months of 2017. There were fewer Web breaches, at 206 incidents, but they caused far more damage with a total of 4.8 billion records exposed.

Silver lining and steps forward

Data indicates we're still seeing mega breaches and data leaks but some trends are starting to shift. The severity of breaches skewed lower this particular quarter, Goddijn points out.

During Q3 there were more breaches exposing between 1 and 100 records, indicating lower severity. Fewer breaches exposed Social Security numbers and other high-value data, which drove down breach severity scores. Goddijn calls this a "good trend to see" and hopes the rest of 2017 will follow suit.

However, the outlook won't be quite as sunny if security teams don't step up their game.

"One of the bigger factors, where organizations fall short, is not making security a part of their ordinary everyday operations," she says. "Security has to be an ongoing process. It's not just 'Hey we got a new firewall,' or 'Look, we got a new antivirus system.'"

While these are important, it's also important to think about the business and how all activity affects security. How are new employees onboarded? How can you control their application access? When they leave, do you have a process to take away their access?

"Too often, management fails to recognize the need to build out those processes," Goddijn explains. This failure can drive vulnerabilities and insider threats, both malicious and accidental.

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance & Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cybersecurity Must Be an International Effort
Kelly Sheridan, Associate Editor, Dark Reading,  12/6/2017
NIST Releases New Cybersecurity Framework Draft
Jai Vijayan, Freelance writer,  12/6/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.