Over 2,300 data breaches disclosed so far in 2018 - report

20 Aug 2018

There have been 2,308 publicly disclosed data compromise events through June 30th, according to Risk Based Security's Mid-Year 2018 Data Breach QuickView report.

After a surprising drop in the number of reported data breaches in the first quarter, breach activity appears to be returning to a more “normal” pace.

At the mid-year point, 2018 closely mirrors 2016’s breach experience but still trails the high watermark set in 2017.

Risk Based Security executive vice president Inga Goddijn says, “2018 has been a curious year. After the wild ride of 2017, we became accustomed to seeing a lot of breaches, exposing extraordinary amounts of information.

“2018 is remarkable in that the number of publicly disclosed breaches appears to be levelling off while the number of records exposed remains stubbornly high.”

“It’s not easy to characterise 2.6 billion records exposed as an improvement, even if it is less than the 6 billion exposed at this time last year.”

Phishing for usernames and passwords, then using the stolen credentials to access systems or services, stands out as a particularly popular attack method utilised by hackers in the first six months of the year.

Additionally, the arrival of the GDPR in late May brought another layer of nuance to the cataloguing and reporting of data breaches.

After the GDPR took effect, data protection authorities across the EU reported sizable spikes in the number of breaches submitted to their offices.

How many will become public - or have already been disclosed and are only now making their way to regulators' attention - remains to be seen.

Similar to Q1, fraud continues to hold the top spot for the breach type compromising the most records, accounting for 47.5% of exposed records.

As with prior reports, the number of incidents attributed to hacking remains high, accounting for well over 50% of disclosed breaches.

With the number of vulnerabilities reported this year on pace to exceed 2017 and over 3,000 of those vulnerabilities going uncovered by the CVE and National Vulnerability Database (NVD), it is tempting to attribute the high percentage of breaches from hacking to inferior or incomplete vulnerability intelligence.

Goddijn says, “There are a lot of moving parts to an effective information security program and certainly patch management is one of the trickier components to tackle.

“That said, tried and true social engineering techniques combined with the ability to take advantage of unpatched weaknesses are some of the most effective tools malicious actors can use.

“That means defending against activities like phishing and solid vulnerability management go hand in hand when it comes to stopping hackers,” she says.

“While we expect hacking to remain the leading cause of data loss, we can’t lose sight of the damage that can come from accidental exposure.

“Misconfigured services, exposed S3 buckets and even improper email handling have led to more than their fair share of recent breaches.”

Goddijn adds, “This type of data loss is easily prevented and protecting against it is nearly entirely within the organisation’s control. It shouldn’t be overlooked in the quest to prevent external attacks.”
