[BreachExchange] Breach activity declines, number of compromised records remains high

Audrey McNeil audrey at riskbasedsecurity.com
Thu May 10 19:05:17 EDT 2018


After year over year increases in the number of reported data breaches,
Risk Based Security has released the results of their Q1 2018 Data Breach
QuickView Report, showing the number of breaches disclosed in the first
three months of the year fell to 686 compared to 1,444 breaches reported in
Q1 2017. The number of records compromised in the quarter remained high,
with over 1.4 billion records exposed.

“We knew we were seeing less activity than prior quarters but we were still
surprised by the final tally” commented Inga Goddijn, Executive Vice
President at Risk Based Security. “We were geared up for a wave of activity
targeting tax filing data that never fully materialized as expected.”
Indeed, in Q1 2017 there were over 200 instances of phishing for employee
W2 data. At the end of April 2018, that activity had waned to just over 30
such such reported events.

Shifting tactics also appears to have played a role in the decrease.
Cryptomining malware and cryptojacking has been a part of the threat
landscape since early 2017. However the spike in the value of
cryptocurrencies that took place in January fueled a rapid expansion into
the theft of computing resources. Goddijn went on to comment, “While there
is no direct data linking the rise of crypo-miners to a reduction in data
breach activity, there are tantalizing bits of evidence that lead us to
believe there is some level of relationship at play here.”

Beyond the number of breaches reported, many of the trends observed
throughout 2017 continued to be evident in the first three months of 2018.
For example, the top 5 breach types that dominated recent reports –
hacking, skimming, inadvertent disclosure on the Internet, phishing and
malware – all remained the top breach types into 2018.

Likewise, the vast majority of breaches are still originating from outside
the organization, most events are being discovered by external parties, the
data types targeted and average number of records compromised showed little
variation from 2017. Ms Goddijn added, “Other than the dip in the number of
data breaches reported, Q1 2018 was very much in lock step with recent
quarters. If there was a truly seismic shift in breach activity we would
expect other metrics to show some signs of change as well. Given this, we
think the jury is still out on whether the dip is a one-time blip or part
of a larger trend.”

In addition the typical metrics found in the Data Breach QuickView Report,
Risk Based Security included the metrics on the average number of days
between breach discovery and disclosure.“We have tracked a variety of dates
for many years but haven’t included an analysis of this data in our breach
reports. With the GDPR taking effect in May, we wanted to share how well
organizations might be able to comply with Article 33 – the 72 hour
notification rule based on our research.” said Ms Goddijn.

To that end, the Q1 2018 report includes an analysis of the average number
of days between the day the organization first learns of the breach event
and the day the event is publicly reported. The findings are encouraging,
showing the average number of days between discovery and disclosure has
been steadily declining from year to year. However at a current average of
37.9 days, the analysis shows there is still work to be done to meet the
obligation to report a breach to the authorities within 72 hours of
becoming aware of the event.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180510/5c0ee454/attachment.html>

More information about the BreachExchange mailing list