Publicly reported global breach volumes dropped 48% last year compared to 2019, but the number of exposed records soared 141% to top 37 billion, according to new data from Risk Based Security.
The security vendor uses automated tools to crawl the internet for info on breaches, which are then manually verified by human researchers, who also obtain data from Freedom of Information requests.
The resulting 2020 Year End Report revealed a total of 3932 breaches last year, although it explained that around 5% to 10% more from 2020 may end up being disclosed over the coming months. That would apparently put the year roughly in line with 2015 and 2016 in terms of breach volumes.
The soaring number of breached records also includes those that have been exposed through cloud misconfigurations but may not actually have been compromised by attackers.
In fact, 30.4 billion (82%) of the breached records listed in the report came from just five incidents, all of which were down to misconfigured databases or services. The vendor admitted “there is scant evidence the data has been used for malicious purposes.”
External actors accounted for 77% of breaches, and of those caused by insiders, the vast majority (69%) were down to human error or oversight. The use of stolen credentials was the number one confirmed method of entry for attackers.
In a sign of the growing popularity of “double extortion” attacks, 676 breaches (17%) included ransomware as an element, an increase of 100% on 2019.
“We do not believe fewer breaches are happening,” argued Risk Based Security executive vice-president, Inga Goddijn.
“Disruptions at certain governmental sources, delayed reporting and declining news coverage have all contributed to fewer breaches coming to light in 2020, but that is only a part of the story. More complex and damaging attacks have also contributed to lengthy and complex investigations.”