After last year’s record high profile breaches, issues of data privacy and information security have continued to make headlines in 2018, with Facebook and Cambridge Analytica drawing particular media attention (despite not being a ‘cybersecurity breach’ per se), panic over GDPR continuing to rage, breaches such as UnderArmour and MyFitnessPal, and details still coming to light on last year’s breaches, such as Equifax.
But according to an April 2018 report by Risk Based Security, Q1 2018 has seen a dramatic drop in data losses – “the quietest first quarter for breach activity since 2012”.
From the start of the year to March 31st, 686 breaches were disclosed, exposing approximately 1.4 billion records. While this still sounds like a lot, the figures for Q1 2017 were, respectively, 1442 and 3.4 billion: 2018’s figures in both categories are less than half last year’s.
As well as disclosed breaches being down, the average time to report has also been cut. The average time between discovery and reporting of a breach in Q1 2018 was 37.9 days, down from 42.7 days in Q1 2017 and 68.9 days in Q1 2016. While steadily improving, Risk Based Security points out that judging by these figures, organisations may struggle to comply with GDPR’s 72 hour rule.
However, while the number of breaches disclosed in Q1 is the lowest in years, the number of records exposed is still substantially higher than Q1 of 2014-6, when the average was 235 million.
Part of the reason for the drop may be the profitability of cryptomining, which makes data theft a less tempting target. “It’s still too early to say for sure,” said Risk Based Security’s executive vice president Inga Goddijn, “But it does go to show, malicious activity will follow the best opportunities for making a profit.”
Hacking was the top cause of breaches, accounting for 267 of the 686, but was responsible for only 10.9% of the records exposed (with fraud being the main factor here by far, responsible for 87.5% of exposed records; this is largely down to Cambridge Analytica and the sale of access to India’s Aadhaar database).
External actors remain the most common in breaches, accounting for 459 out of the 686, followed by insider error (accidental rather than malicious) with 119. Record exposure is somewhat more complicated – ‘Unknown’ is the most common perpetrator; however, most of these are from the same incident, which exposed over a billion records. Risk Based Security suggests that the most likely cause of this leak was a malicious insider.
The United States was the most common location for disclosed breaches, accounting for 392 out of 686. India and Canada took second and third place with 25 and 21 respectively. India accounted for 81% of exposed records, followed by the United States again (17.9%) and then Norway (0.2%).
The most common type of data exposed was names, which were exposed in 44.2% of incidents, with second and third place being taken by email addresses and social security numbers, respectively. The least common type was medical data, which was exposed in 11.1% of cases.
Of course, the report only covers disclosed breaches – and as Risk Based Security pointed out, that also fails to cover other activities such as cryptomining. So while the drop is at least in theory good news, it might be a step too far to say that cybercrime is down too.