Published: May 06, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
The 2020 Year End Report by Risk Based Security looks at last year’s data breaches, and what they mean for cybersecurity trends going forward. One finding is historic in nature, with a total of more than 37 billion records breached last year, more than double from the year before. From beginning to end, 2020 was a year that cybersecurity experts would like to forget, and cybercriminals have reason to celebrate. Caught in the middle of the two are the everyday users and consumers who found themselves victims of impossible situations they had little to no control over.
The report, based on publicly reported data breaches, finds trends were very much a part of what we experienced. The background of these breaches involved the massive failures of corporate America to protect its data and that of its customers. There was also the coronavirus pandemic that led to a historic rate of hacking, with cybercriminals taking advantage of the health crisis in ways few could imagine. Working remotely gave bad actors the opportunity to take advantage of weak security that was not prepared to handle data safely from those working from home. So, fortify your passwords and buckle your seatbelt – the 2020 data breach numbers are here.
What Data Was Breached?
The top types of data breached in 2020 may not be surprising, but that doesn’t make them any less concerning: names 46.5%; email 32.2%; unknown 29.5%; miscellaneous 28.4%; Social Security number 27.7%; passwords 25.7%.
Who Was Breached?
The top numbers of breaches by economic sector, in a year when hackers took advantage of the coronavirus pandemic: healthcare 484; information 429; finance and insurance 382; public administration 366; professional/scientific 335; manufacturing 271.
Third Party Breach Lost Data
The report defines a “third party breach” as an individual event that compromises one organization and leads to the compromise of data for others held on the system. The types of data lost in third party breaches were: name 68.3%; miscellaneous 41.4%; Social Security number 36.4%; address 36.1%; date of birth 28.2%; medical 24.8%.
Data Breach Geo-Locations
The lucrative targets in the U.S. still prove to be irresistible for data breaches. Breach incidents in the U.S. numbered 2,340, while non-U.S. countries reached 971, and the number of breaches in unknown locations were 621.
The report finds many of the hacking trends in 2020 have been going on for several years. Aside from bad actors continuing to do what they do best, other factors we’ve seen before are still relevant. Mishandled data and misconfigurations still drive the number of exposed records. Stolen credentials continue to give hackers entry into systems, and mismanaged databases are likely to continue exposing massive amounts of data. Also, organizations are still at danger of attack when password reuse at work and at home leaves company data at risk of fraud, spear phishing campaigns, ransomware, and direct compromise.
Tips For The Future
Remind users to choose strong and unique passwords for all accounts. This includes not reusing those at home for work purposes.
Be sure to vet third-party service providers and partners extremely well. Find out their cybersecurity plan of action and be sure it’s what you can agree to.
Implement or continue a cybersecurity awareness training program. Make it ongoing throughout the year. Threats evolve and change, so doing it continually will keep in the front of the minds of users.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org