The year 2019 is shaping up to be a landmark one for data breaches, as it has seen over 3,800 breaches—a 50% or greater increase over the last four years, according to a report published by Risk Based Security on Wednesday.
“Between 2015 and 2018, the variation in the number of reported breaches was less than 200 incidents. For the first six months of 2019, the number of breaches increased by 54% compared to the same time last year,” the report states, adding that a high volume of leaks of relatively few records skews, somewhat, this measure.
In contrast, the number of records exposed in the first half of 2019 is 30% lower compared to the same time frame in 2017, according to the report—though this may change in the second half of the year, as recent reports detail the full extent of the data exfiltrated by Paige A. Thompson, the hacker accused in the Capital One data breach, is said to possess “multiple terabytes of data stolen… from more than 30 other companies, educational institutions, and other entities,” according to court documents obtained by ZDNet.
SEE: Mastermind con man behind Catch Me If You Can talks cybersecurity (free pdf) (TechRepublic)
Despite concerns raised in the cybersecurity community about insider threats, 89% of breaches are the result of outside attacks, though the report notes that “more and more sensitive data is exposed when insiders fail to properly handle or secure the information,” pointing to misconfigured databases and services representing 149 of 3,813 incidences reported so far this year resulting in the exposure of over 3.2 billion records.
Risk Based Security also points to the dangers of placing sensitive data in the hands of third parties, naming the American Medical Collection Agency (AMCA) breach, in which “hackers infiltrated AMCA’s network and pilfered over 22 million debtors’ records including data such as names, addresses, dates of birth, Social Security numbers and financial details” as a critical event. “These breaches be more difficult to manage given the multiple parties involved, they can also have more damaging consequences for the individuals whose data is exposed in the event,” the report said, noting that the breach has severe consequences for AMCA, as the company “was forced into filing for bankruptcy protection a mere 2 weeks after news of the breach made headlines.”
Healthcare services are the single highest affected industry, according to Risk Based Security, with Retail, Finance/Insurance, Public Administration, and IT rounding out the top five.
For more, check out “Ransomware attacks on businesses up 365% this year” and “Businesses need to patch for BlueKeep to avoid another WannaCry” on TechRepublic.