A new report from Risk Based Security suggests the number of data breaches fell by 48% globally in 2020; however, the number of breached records increased by 141% to 37 billion.
The data for the Risk Based Security 2020 Year End Report came from crawls of the Internet to find information on data breaches, with all cases then subject to manual review. The researchers identified 3,932 breaches that had been disclosed in 2020 and. The final figure may be 10%-20% higher, as there are typically delays reporting data breaches.
The number of reported breaches is similar to the number reported in 2015 and 2016; however, the researchers explain that while there was an apparent reduction, that may not be the case. Risk Based Security VP Inga Goddijn does not believe fewer breaches are happening, only that fewer data breaches were reported in 2020.
“Disruptions at certain governmental sources, delayed reporting and declining news coverage have all contributed to fewer breaches coming to light in 2020, but that is only a part of the story. More complex and damaging attacks have also contributed to lengthy and complex investigations.”
The large number of breached records was due to some major data breaches being reported in 2020. 82% of the records were exposed in just five data breaches. All 5 of those incidents involved the public exposure of many millions of records due to misconfigured cloud databases and services, which allowed the data to be accessed over the internet without the need for any authentication. While the exposure of data was potentially serious, Risk Based Security found little evidence to suggest any of the exposed data has been misused.
External actors were behind the majority (77%) of data breaches, with access to data most commonly achieved using stolen credentials. 69% of all breaches that were caused by insiders in 2020 were due to human error, such as the accidental removal of protections for cloud services.
Ransomware attacks have increased in 2020 and the healthcare industry was extensively targeted. Many hospitals and health systems in the United States were forced to resort to pen and paper when they were locked out of their electronic medical records, patients had to be diverted to alternative facilities, and many appointments had to be postponed. A separate report from Check Point revealed there was a major spike in healthcare ransomware attacks in October and attacks continued at high levels for the remainder of the year.
Risk Based Security’s analysis shows ransomware attacks across all sectors increased by 100% from 2019, with 17% of all reported breaches involving the use of ransomware. Many of these attacks involved double extortion, where files are stolen prior to encryption and a ransom demand is issued for the keys to unlock the encryption and to prevent stolen data from being released publicly.
According to a recent report from the New Zealand cybersecurity firm Emsisoft, at least 17 ransomware gangs are now exfiltrating data prior to file encryption and are using these double extortion tactics, compared to just 1 gang at the start of the year.