The Identity Theft Resource Center has noted an unprecedented surge in hacking activities relating to the breaching of individual personal records in 2018 in their recent research. According to their study, most of these activities were primarily attributed to the continual use and reuse of individuals’ password and usernames as well as the vulnerability posed by third-party vendors. As claimed by experts, the breached data does not end there as they are exposed and sold on the dark web. In this case, cybercriminals purchase the data and use the information to gain illegal access to targeted websites. The hacking of personal records reached an unprecedented high of nearly a half billion in 2018, according to ITRC.
According to Franklyn Jones, CMO at Sequence, the automated attacks launched by cybercriminals have usually been successful because people use the same or similar passwords for different websites. This behavior makes them vulnerable without proper security in place. According to the report, a total of 1244 data breaches were recorded in 2018 against 1632 data breaches recorded in 2017. Also, a total of 446,515,334 data were exposed in 2018. In 2017, the data exposed was somewhere around 197,612,748. These figures indicate there was a decrease in the number of data breached in 2018 compared to the recorded incidents in 2017. From these figures, it is evident that data breaches decreased by 23% in 2018. However, the exposed sensitive data increased significantly by 126 percent from 2017 to 2018 which is close to half a billion.
From the findings, it was indicated that the medical or health sector had a larger share of exposed data, totaling 9 million, while the financial sector recorded 1 million counts of exposed data.
In 2018, hacking was identified as the most common form of a data breach affecting 842 records and 16 million exposed data. Hacking was also the number one form of data breach in 2017, according to the report.
The business sector recorded the highest number of data breaches in 2018 with 571 incidents. There was a 10% decrease in the percentage of the occurrence of data breaches, which totaled 907 in the business sector. The business sector recorded 46% of the total data breached in 2018 compared to the 56% recorded data breaches in 2017. The report further explained that most of the data breaches related to Social Security Numbers. The Health Sector recorded the least percentage of social security numbers breached.
There was 9.8% of data breached in the banking sector and 5.5% of data was exposed. In the medical or health industry, researchers found 6% of data was breached and 28.5% was exposed. The U.S. health sector has always been a target of cybercrime as its percentage of data breaches is usually high.
There was an interesting revelation in the research. The researchers revealed that there were exposed insensitive data as well comprising of additional 1.68 billion. In 2018, people’s email addresses, passwords and usernames were breached by cybercriminals. The report established that there is a cause for worry when an email address gets into the wrong hands. Hackers can use more advanced technical software to guess the passwords associated with that email and obtain illegal access to all associated accounts. When this happens, they may change the password of that account and log the user out of that account. In other words, it is possible to use insensitive personal data, like email, to obtain sensitive data. Things become worse when people use the same password for multiple accounts.
Researchers found seven causes of data breaches which are: insider theft, hacking (phishing, skimming, ransomware/ malware), data on the move, physical theft, employee error (negligence, lost, improper disposal), accidental web (internet exposure), and unauthorized access.
The data breach has been a global headache, and some countries, including India, have had their share of data exposed on the dark web.
According to George Wrenn, CEO of CyberSaint Security, cybercriminals are constantly searching for an organization’s weak spot to target. As part of his recommendation, he said, “an organization can equally match the cybercriminals when they focus on the active cycle of best practice adoption, measurement, analysis, and remediation that is easily transferable and measurable like any other business function.”
The data breach has become a global problem and it is the goal of every government to eradicate this activity. Regardless of how individuals and organizations invest in cyber security, there is always the need to be careful with the kind of links they click on and the need to avoid all types of negligence.
Authorities have taken measures to arrest some of the brains behind some of the cyber-attacks as a way to reduce related cases.