Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11/8/2017
03:52 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Data Breach Record Exposure Up 305% from 2016

There have been 3,833 publicly disclosed data breaches in the first nine months of 2017, exposing more than seven billion records.

The Equifax and Yahoo incidents eclipsed news of the other 1,465 breaches reported in Q3 but shouldn't diminish the importance of the 3,833 total breaches reported in the first nine months of this year, which exposed more than 7 billion records.

Risk Based Security disclosed its latest analysis of this year's breaches, including the most recent quarter, in its Q3 2017 Data Breach QuickView Report released today.

The pace of breach disclosures began to steadily grow in July 2017, peaking in September with more than 600 breaches reported for the month. Compared to the first nine months of 2016, the number of reported breaches in 2017 is up 18.2%; the number of exposed records up 305%.

Five incidents from this year are among the top 10 largest breaches of all time and, combined, exposed about 78.5% of all exposed records to date. The Equifax incident leads the pack as the most severe breach of both Q3 and 2017.

"Equifax made a lot of headlines for a lot of good reasons," says Inga Goddijn, Executive Vice President for Risk Based Security. "It's horrible in terms of the amount of data lost -- 145 million records is a mega breach by any measure … but really the breach response, in a number of textbook ways, is how not to handle a breach response; how to make a bad situation worse."

If not for Equifax, there are several other major breaches which would have stolen the spotlight. Goddijn points out the compromised version of Avast CCleaner, as well as payment card breaches at Whole Foods and Sonic, which also hit the news cycle in September.

They're after your credentials

There is a "number of factors" driving the number of breaches in 2017, she continues, but a key reason is failure to recognize the value of personal data on the black market.

"Really, the underlying driving cause is that data has value, and it has a monetary value, and so often we have a tendency to lose sight of that," Goddijn explains. "At the leadership level, that recognition hasn't taken hold as far as we would like to see it."

Researchers noticed an uptick in leaks targeting credentials for popular streaming services. Access credentials in the form of email addresses and passwords are the two most compromised data types, at 44.3% and 40%, respectively.

There's so much data floating around on the Web, it's common for attackers to grab leaked information and test stolen credentials on various websites. Access credentials tend to last longer than financial data, which has a shorter shelf life, Goddijn notes.

"Things like credit card numbers, even bank account numbers, can be changed. The data is only good for so long," she says. "People have a tendency not to change passwords unless they have to, and they use the same password for different services."

Most breaches are caused by hacking: there were 1997 hacking events, exposing 2.7 billion records, in the first nine months of 2017. There were fewer Web breaches, at 206 incidents, but they caused far more damage with a total of 4.8 billion records exposed.

Silver lining and steps forward

Data indicates we're still seeing mega breaches and data leaks but some trends are starting to shift. The severity of breaches skewed lower this particular quarter, Goddijn points out.

During Q3 there were more breaches exposing between 1 and 100 records, indicating lower severity. Fewer breaches exposed Social Security numbers and other high-value data, which drove down breach severity scores. Goddijn calls this a "good trend to see" and hopes the rest of 2017 will follow suit.

However, the outlook won't be quite as sunny if security teams don't step up their game.

"One of the bigger factors, where organizations fall short, is not making security a part of their ordinary everyday operations," she says. "Security has to be an ongoing process. It's not just 'Hey we got a new firewall,' or 'Look, we got a new antivirus system.'"

While these are important, it's also important to think about the business and how all activity affects security. How are new employees onboarded? How can you control their application access? When they leave, do you have a process to take away their access?

"Too often, management fails to recognize the need to build out those processes," Goddijn explains. This failure can drive vulnerabilities and insider threats, both malicious and accidental.

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13545
PUBLISHED: 2019-10-18
In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution.
CVE-2019-13541
PUBLISHED: 2019-10-18
In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code.
CVE-2019-17367
PUBLISHED: 2019-10-18
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
CVE-2019-17393
PUBLISHED: 2019-10-18
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and pa...
CVE-2019-17526
PUBLISHED: 2019-10-18
** DISPUTED ** An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').pop...