[BreachExchange] 5, 183 breaches from the first nine months of 2019 exposed 7.9 billion records

Fri Nov 15 09:45:07 EST 2019

https://www.helpnetsecurity.com/2019/11/14/breaches-2019/

According to Risk Based Security’s Q3 2019 Data Breach QuickView
Report, the total number of breaches was up 33.3% compared to Q3 2018,
with 5,183 breaches reported in the first nine months of 2019.

Breach activity in 2019

Breach activity in 2019 is living up to being “the worst year on
record”. Although the total number of breaches is on track to break
previous year records, the total number of records exposed has already
surpassed the 2017 year end total. 7.9 billion records have already
been exposed and we are on track to reach as high as 8.5 billion.

“As we look over the experience of 2019, what stands out is that we
are often our own worst enemy” commented Inga Goddijn, Executive Vice
President at Risk Based Security. “Whether it’s a phishing campaign
that ultimately provides malicious actors with a toehold into systems
or misconfigured databases and services that leave millions of
sensitive records freely available on the internet, it seems to be
human nature coupled with weak controls that contributed heavily to
the number and severity of breaches we’ve seen this year.”

Most breached organization type

The Q3 2019 Data Breach QuickView Report covers the data breaches
reported between January 1st and September 30th, 2019.

Key findings state that by NAICS economic sector, medical services,
retailers and public entities experienced the most breaches, but when
all business-related sectors are combined, general business remains
the most breached organization type. Looking further into data breach
landscape, hacking remains the top breach type for number of incidents
while Web has exposed the most records this year.

“This year over 6 billion records have been made freely accessible
thanks to misconfigured databases, backups, end points, and services,”
said Goddijn. “The widespread availability of tools useful for
identifying such leaks coupled with an interest in reporting – as well
as taking advantage of – these exposures has fueled the growth in the
number of records compromised.”

Number of breaches by global location, reported by 9/30/19

How can organizations protect themselves?

With the number of publicly disclosed events showing no signs of
slowing, researchers ask whether efforts should focus on minimizing a
breach’s impact rather than on prevention alone.

Ms. Goddijn concludes, “We are often asked ‘what should be done to
stop this’ but perhaps the better question is ‘what can be done to
minimize the impact’. If we accept the axiom ‘it’s not a matter of if,
but when’ an organization will be breached – then solely focusing on
prevention is not the solution. A vibrant risk management strategy
coupled with incident response planning can go a long way towards
minimizing the damage that can come from a security event.”