[BreachExchange] 2019 could be a record-breaking year for data breaches

Destry Winant destry at riskbasedsecurity.com
Mon Sep 30 01:15:18 EDT 2019


According to Risk Based Security’s 2019 Midyear Quickview Data Breach
Report, there have been 3,813 separate data breaches reported through
June — exposing about 4.1 billion records. That’s a 54% increase in
data breaches and 52% increase in exposed records over the same period
in 2018.

Of the organizations that suffered a breach and could be clearly
classified, those in the business sector accounted for 67% of
breaches, followed by medical (14%), government (12%) and education

The web remains the primary vector of exposed records, accounting for
79% of compromised records, the report states. Hacking remains the
number one cause of data breach incidents, accounting for 82% of those
reported. “Email addresses and passwords remain prized targets, with
email addresses exposed in approximately 70% of reported breaches and
passwords exposed in approximately 65% of reported breaches,” the
report stated.

Attacks continue to focus on user credentials. And that’s for good
reason: it works. Reams of login credentials are made available every
day on the dark web. According to the report, such activity has
increased in recent months.

While the report shows that there are more external data attacks, when
insiders attack, they tend to expose more sensitive data. “The vast
majority of incidents are attributable to malicious actors outside of
the organization, yet more and more sensitive data is exposed when
insiders fail to properly handle or secure information. Case in point:
misconfigured databases and services – 149 of the 3,813 incidents
reported this year – exposed over 3.2 billion records,” the report

“Attackers have taken notice. The practice of targeting open,
unsecured databases to either steal data or hold it for ransom has
ebbed and flowed over the past 2 years,” the report continued.

As the report said, the first six-months of 2019 were among the worst
ever when it came to raw data breach numbers, and there’s little to be
optimistic about. “The number of breaches is up and the number of
records exposed remains stubbornly high. What is clear is that despite
the awareness of the issue among business leaders and the best efforts
of defenders, data breaches continue to take place at an alarming
rate,” the report says.

Such reports could be much different if organizations that hold large
amounts of data focused more on securing that data and if there was a
bigger focus on two-factor authentication. According to the report,
passwords accounted for 64% of all exposed data, and more than 3.2
billion records (80% of the total) were exposed in just eight of the
data breaches.

More information about the BreachExchange mailing list