Over 2,300 Data Breaches Disclosed So Far In 2018, Exposing Over 2.6 Billion Records
August 15, 2018 • RBS
Risk Based Security today announced the release of its Mid-Year 2018 Data Breach QuickView report, showing there have been 2,308 publicly disclosed data compromise events through June 30th. After a surprising drop in the number of reported data breaches in the first quarter, breach activity appears to be returning to a more “normal” pace. At the mid-year point, 2018 closely mirrors 2016’s breach experience but still trails the high-water mark set in 2017.
Key Findings for Mid Year 2018
- 2,308 breaches have been reported through June 30, exposing approximately 2.6 billion records.
- Compared to the midway point in 2017, the number of reported breaches is down from 2,439 breaches and the number of exposed records is down from 6 billion.
- The number of disclosed incidents targeting employee W-2 forms remained low, with 42 such breaches reported through Q2 2018 compared to 239 for the same period in 2017.
- The Business sector accounted for 40% of reported breaches, followed by Medical (8.3%), Government (8.2%) and Education (4.5%). Nearly 40% of breached organizations could not be definitively classified.
- Five breaches exposed 100 million or more records, accounting for approximately 2 billion of the 2.6 billion total exposed records.
- The Business sector accounted for 52% of the records exposed followed by Government at 2%. The pattern from 2017 remains the same, with the Medical and Education sectors combined accounting for less than 1% of the total records exposed through the first 6 months of the year.
- Fraud remains in the top spot for the breach type compromising the most records, accounting for 47.5% of exposed records, while Hacking takes the lead in number of incidents, accounting for 54.6% of reported breaches.
“2018 has been a curious year. After the wild ride of 2017, we became accustomed to seeing a lot of breaches, exposing extraordinary amounts of information. 2018 is remarkable in that the number of publicly disclosed breaches appears to be leveling off while the number of records exposed remains stubbornly high,” said Inga Goddijn, Executive Vice President for Risk Based Security. “It’s not easy to characterize 2.6 billion records exposed as an improvement, even if it is less than the 6 billion exposed at this time last year.”
Phishing for usernames and passwords, then using the stolen credentials to access systems or services, stands out as a particularly popular attack method used by hackers in the first 6 months of the year. Additionally, the arrival of the GDPR in late May brought another layer of nuance to the cataloguing and reporting of data breaches. After the GDPR took effect, data protection authorities across the EU reported sizable spikes in the number of breaches submitted to their offices. How many will become public – or have already been disclosed and are only now coming to regulators’ attention – remains to be seen.
Similar to Q1, Fraud continues to hold the top spot for the breach type compromising the most records, accounting for 47.5% of exposed records. As with prior reports, the number of incidents attributed to hacking remains high, accounting for well over 50% of disclosed breaches. With the number of vulnerabilities reported this year on pace to exceed 2017, and over 3,000 of those vulnerabilities not covered by CVE and the National Vulnerability Database (NVD), it is tempting to attribute the high percentage of breaches from hacking to inferior or incomplete vulnerability intelligence. Ms. Goddijn remarked, “There are a lot of moving parts to an effective information security program and certainly patch management is one of the trickier components to tackle. That said, tried and true social engineering techniques combined with the ability to take advantage of unpatched weaknesses are some of the most effective tools malicious actors can use. That means defending against activities like phishing and solid vulnerability management go hand in hand when it comes to stopping hackers.”
Ms. Goddijn concluded, “While we expect hacking to remain the leading cause of data loss, we can’t lose sight of the damage that can come from accidental exposure. Misconfigured services, exposed S3 buckets and even improper email handling have led to more than their fair share of recent breaches. This type of data loss is easily prevented and protecting against it is nearly entirely within the organization’s control. It shouldn’t be overlooked in the quest to prevent external attacks.”
About the DataBreach QuickView Report
The DataBreach QuickView report is made possible by the research conducted by Risk Based Security. It is designed to provide an executive-level summary of the key findings from RBS’ analysis of breach activity disclosed in 2018. Contact Risk Based Security for analysis of any 2018 vulnerabilities of specific interest to your organization.
About Risk Based Security
Risk Based Security (RBS) provides detailed information and analysis on Data Breaches, Vendor Risk Ratings and Vulnerability Intelligence. Our products, Cyber Risk Analytics (CRA) and VulnDB, give organizations access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner. In addition, our YourCISO offering provides organizations with on-demand access to high-quality security and information risk management resources in one easy-to-use web portal.
VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest security vulnerabilities via an easy-to-use SaaS portal, or a RESTful API for easy integration into GRC tools and ticketing systems. VulnDB allows organizations to search on and be alerted to the latest vulnerabilities, both in end-user software and in the third-party libraries or dependencies used to build applications. A subscription to VulnDB provides organizations with simple-to-understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk profile and cost of ownership.
Cyber Risk Analytics (CRA) provides actionable threat intelligence about organizations that have had a data breach or leaked credentials. This enables organizations to reduce exposure to the threats most likely to impact them and their vendor base. In addition, our PreBreach vendor risk rating, the result of a deep view into the metrics driving cyber exposures, is used to better understand the digital hygiene of an organization and the likelihood of a future data breach. The integration of PreBreach ratings into security processes, vendor management programs, cyber insurance processes and risk management tools allows organizations to avoid costly risk assessments, while enabling businesses to understand their risk posture and act quickly and appropriately to proactively protect their most critical information assets.
YourCISO provides organizations with on-demand access to high-quality security and information risk management resources in one easy-to-use web portal. YourCISO gives organizations ready access to senior executives and highly skilled technical security experts with a proven track record, matched specifically to your needs. The YourCISO service is designed to be an affordable long-term solution for addressing information security risks. YourCISO brings together all the elements an organization needs to develop, document and manage a comprehensive information security program.