Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:35 AM

Breach Data Highlights a Pivot to Orgs Over Individuals

In 2020, breaches were down by 19%, while the impact of those compromises -- measured in people affected -- fell by nearly two-thirds.

Both the number of data breaches and the number of individuals affected by data breaches plummeted in 2020, as attackers moved away from collecting mass amounts of information and instead targeted user credentials as a way to infiltrate corporate networks to install ransomware.

That's according to a new report, out Jan. 28 from the Identity Theft Resource Center, which estimates that more than 300 million individuals were affected by data breaches in 2020, a large number but a drop of 66% over the previous year. In addition, the number of reported data breaches fell to 1,108, a decline of 19% over 2019.

Because more than half of workers shifted to remote work during the year, many expected data breaches to increase, but instead cybercriminals became more focused, says James Lee, chief operating officer of the ITRC.

Related Content:

Breach Data Shows Attackers Switched Gears in 2020

Special Report: 2021 Top Enterprise IT Trends

New From The Edge: Building Your Personal Privacy Risk Tolerance Profile

"What has happened is that threat actors are not as interested in mass data collection," he says. "The data breaches that do occur are not about 'hoovering' up everything in sight, as they were five and ten years ago. Now they are very targeted and very strategic."

The top findings of the breach report reflect two major economic trends. As companies shifted to a remote workforce due to the pandemic, more than half of workers moved to working from home. The shift made credentials an even more valuable commodity for hackers, as valid credentials could be used to infiltrate a business.

And what to do with credentials? Cybercriminals continued to double down on ransomware, attacking companies, encrypting and exfiltrating sensitive data, and demanding payment for the keys to the data, in a one-two punch known as "double extortion."

"What [cybercriminals] are really looking for, and this is reflected in the value you see in the identity marketplace, … is credentials," Lee says. "They know that most people reuse passwords, so even a personal compromise, they know, can lead them to a corporate setting, the ability to get into a company."

Both the number of breaches and the number of people affected are down significantly from the highs of the past five years. In 2017, the number of annual reported breaches hit a high of 1,631 incidents, 47% more than in 2020. In 2016, the number of individuals affected by data breaches spiked, reaching 2.5 billion, more than seven times higher than in 2020.

Unlike other data breach reports, the ITRC does not use the number of records exposed as a measure of impact. A report released earlier this month by Risk Based Security also saw breaches decline but noted that the number of exposed records increased, mainly due to large databases left accessible online.

Phishing — including business email compromise, a form of spear-phishing — topped the list of data breach causes, accounting for 382, or 44%, of data breaches. The second major cause is ransomware, accounting for 158 breaches or 18%, followed by malware with 104 breaches or 12% of the total.

Companies' focus on security — and the lessons that past breaches have provided — is likely one reason that breaches have declined, says ITRC's Lee.

"You look at an Equifax, you look at a Target, you look at all these companies, and the pain that they have gone through to come out on the other side as stronger organizations — it is a very painful process," he says. "People look at that and say I don't want that to happen to me, so there is a lot of practices and security tools they put in place."

Yet attackers have started to adapt as well. Supply chain attacks have become more popular, with more than 668 companies affected by attacks on third-party providers, according to the report.

Data breaches affecting individuals continued to prioritize sensitive data, such as Social Security numbers, personal health information, and credentials, with 558, 407, and 231 data breaches including those types of data, respectively, according to the report.

In a worrisome trend, the US government is reducing the support for identity-theft victim assistance; in fact, no federal funds have been specifically reserved for such assistance in the current fiscal year, according to the report. 

"The US government has been the primary source of funding for victim assistance offered by the ITRC and other non-profit organizations as well as state and local government agencies," the report states. "Those funds are steadily being reduced."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-21
neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form F...
PUBLISHED: 2021-06-21
Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php.
PUBLISHED: 2021-06-21
Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) className and !2) Description fields in index.php/Admin/Classes,
PUBLISHED: 2021-06-21
mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, however ...
PUBLISHED: 2021-06-21
In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185196177