According to Risk Based Security’s 2019 Midyear Quickview Data Breach Report, there have been 3,813 separate data breaches reported through June — exposing about 4.1 billion records. That’s a 54% increase in data breaches and 52% increase in exposed records over the same period in 2018.
Of the organizations that suffered a breach and could be clearly classified, those in the business sector accounted for 67% of breaches, followed by medical (14%), government (12%) and education (7%).
The web remains the primary vector of exposed records, accounting for 79% of compromised records, the report states. Hacking remains the number one cause of data breach incidents, accounting for 82% of those reported. “Email addresses and passwords remain prized targets, with email addresses exposed in approximately 70% of reported breaches and passwords exposed in approximately 65% of reported breaches,” the report stated.
Attacks continue to focus on user credentials. And that’s for good reason: it works. Reams of login credentials are made available every day on the dark web. According to the report, such activity has increased in recent months.
While the report shows that there are more external data attacks, when insiders attack, they tend to expose more sensitive data. “The vast majority of incidents are attributable to malicious actors outside of the organization, yet more and more sensitive data is exposed when insiders fail to properly handle or secure information. Case in point: misconfigured databases and services – 149 of the 3,813 incidents reported this year – exposed over 3.2 billion records,” the report found.
“Attackers have taken notice. The practice of targeting open, unsecured databases to either steal data or hold it for ransom has ebbed and flowed over the past 2 years,” the report continued.
As the report said, the first six-months of 2019 were among the worst ever when it came to raw data breach numbers, and there’s little to be optimistic about. “The number of breaches is up and the number of records exposed remains stubbornly high. What is clear is that despite the awareness of the issue among business leaders and the best efforts of defenders, data breaches continue to take place at an alarming rate,” the report says.
Such reports could be much different if organizations that hold large amounts of data focused more on securing that data and if there was a bigger focus on two-factor authentication. According to the report, passwords accounted for 64% of all exposed data, and more than 3.2 billion records (80% of the total) were exposed in just eight of the data breaches.
*** This is a Security Bloggers Network syndicated blog from Cybersecurity Matters – DXC Blogs authored by Cybersecurity Matters. Read the original post at: https://blogs.dxc.technology/2019/09/26/2019-could-be-a-record-breaking-year-for-data-breaches/