May 19, 2020

As technology advances and the amount of data world-wide continues to grow, it is no surprise that the two threaten each other. Technology has to advance, change and improve to keep up with the increasingly more voluminous amounts of data. The more data there is, the more vulnerable it is to being compromised by increasingly sophisticated cyberattacks, malicious insider threats, and accidents from technological misuse – and all three of these have been on the rise.

Risk-Based Security publishes quarterly, mid-year and year-end data security and data breach reports. These reports contain information from 2011 – 2019 and there are some trends and constants that are very notable; such as:

  • The top four most stolen/exposed data types are Email Addresses, Usernames, Passwords and First/Last Names.
  • Most breaches expose more than one data type.
  • Since 2016, Healthcare has consistently been in the top two of industries with the most data breaches. Since 2013, Technology/Information/Software have been in the top four.
  • Hacking is always the top breach type, and the number of hacking incidents has increased almost every year (2013 and 2016 saw a slight decline).
  • Hacking also exposed the most records every year from 2013-2016. Web-based exposure took over in 2017 and has held since.
  • 2017 is the worst year on record for insider threats with 5.1 billion records exposed. This was a 3,750% increase from 2016. (The largest year-to-year increase of any stat).
  • External threats have been the number one cause of exposed records every year except 2017 and 2018. These two years saw Human Error as the main cause.

2019 was a very alarming year for data security. According to Risk-Based Security’s Year End Data Breach Report, the number of records exposed reached 15.1 billion – an all-time high. This is a 91.4% increase from the previous high of 7.9 billion records in 2017. Although the total number of incidents was down 10.6% from 2017, 2019 saw a 76% increase in the number of hacking incidents. Web-based exposure of records also drastically increased, reaching a high of 13.5 billion records – a 150% increase from 2017’s high of 5.4 billion.

Even though hacking is consistently the largest breach type by number of incidents, insider threats have been increasing dramatically. The vast amounts of records exposed by human error in 2017 and 2018 overtook the leading external threats from 2013-2016.

According to an article by Ekran Systems, insider-related incidents cost North American businesses up to $11.1 million a year per business and the average cost rose 15% from 2018 to 2019. Verizon considers the top five most common malicious insiders of 2019 as:

  • Careless workers
  • Inside agents
  • Disgruntled employees
  • Deliberately malicious insiders
  • Third-party users

A majority of reports, acknowledged by both Ekran Systems and Risk-Based Security, indicate human error as the main cause of data leaks. However, privilege misuse and “cyber espionage” are among the top three insider threat patterns. Ekran Systems has even discovered that certain industries experience different types of threats more often. For example, financial organizations are most commonly affected by privilege misuse and the public sector is affected mainly by cyber espionage. Based on these changes in insider threat statistics, security professionals are beginning to recommend moving the spotlight away from privileged users and admins and more towards regular employees. These accounts are typically less monitored and the users are less educated on cybersecurity best practices.

SmartData Fabric® (SDF) security-centric, distributed virtual data, master data and graph data management, and analytics tool, is designed to be the gatekeeper of data while providing a data governance layer. It can protect from both external threats and malicious insiders through Active Directory (AD)-based Identity and Access Management (IAM), Role-Based Access Control (RBAC), Single Sign-On (SSO), Attributed-Based Access Control (ABAC)/Row-Level Security (RLS) and Column-Level Security (CLS), as well as SSL/TSL encrypted communications. SDF generally does not store data, indexing it instead and providing pointers to the data in the source. Indexed data can be masked, tokenized and/or encrypted based on the role a user is assigned to and the specific attributes of the user.

As a data fabric, SDF transparently lays over existing IT architectures and systems – both leveraging and complementing what is already in place. SDF imposes military-grade security on access to data sources, regardless of whether any such security exists in these sources or not. As such, SDF is seen by customers as a data source access and data security gateway. SDF also semi-automatically discovers devices, data sources and data, and imposes data governance, while supporting standard applications such as reporting, BI and analytics.

By:
Josh Perry, Technical Writer and Content Manager

Contact:
josh.perry@whamtech.com

Sources:

“Insider Threat Statistics for 2020: Facts and Figures.” Ekran System, 19 June 2019, www.ekransystem.com/en/blog/insider-threat-statistics-facts-and-figures.

Goddijn, Inga. 2019 Year End Report: Data Breach QuickView. Risk Based Security, Inc., 2020, https://www.riskbasedsecurity.com/2020/02/10/number-of-records-exposed-in-2019-hits-15-1-billion/.

Data Breach QuickView Report: Year End 2018 – Data Breach Trends. Risk Based Security, Inc., 2019, https://pages.riskbasedsecurity.com/2018-ye-breach-quickview-report.

Data Breach QuickView Report: Year End 2017 – Data Breach Trends. Risk Based Security, Inc., 2018, https://pages.riskbasedsecurity.com/2017-ye-breach-quickview-report.

Data Breach QuickView Report: 2016 Data Breach Trends – Year in Review. Risk Based Security, Inc., 2017, https://pages.riskbasedsecurity.com/2016-ye-breach-quickview.

Data Breach QuickView Report: 2015 Data Breach Trends. Risk Based Security, Inc., 2016, https://www.riskbasedsecurity.com/2016/02/02/2015-reported-data-breaches-surpasses-all-previous-years/.

Data Breach QuickView Report: 2014 Data Breach Trends. Risk Based Security, Inc., 2015, https://www.riskbasedsecurity.com/2015/02/23/2014-data-breaches-a-billion-exposed-records-a-new-all-time-high/.

Data Breach QuickView: An Executive’s Guide to 2013 Data Breach Trends. Risk Based Security, Inc., 2014, https://www.riskbasedsecurity.com/2014/02/18/2013-data-breach-quickview/.

Data Breach QuickView: An Executive’s Guide to 2012 Data Breach Trends. Risk Based Security, Inc., 2013, https://www.riskbasedsecurity.com/2013/02/11/2012-sets-new-record-for-reported-data-breaches/.