With reports of data breaches coming in almost every day, and sometimes more than once a day, it’s becoming harder to keep track of all of them. There were 69% more data breaches in 2021 than in 2020, according to the Identity Theft Resource Center (ITRC) in its annual report on data breaches.
In the report, the ITRC identified three primary causes of data breaches: data leaked or stolen due to cyber attacks, such as phishing or stolen certificates; a mistake, such as a lost device or a system with the wrong configuration; and a physical attack, such as a scammer at a gas station pump stealing payment card data. More than one-third (38%) of data breaches did not reveal the root cause of the compromise (not specified, unknown or not available), an increase of 190% since 2020.
As expected, most data breaches in 2021 were the result of cyber attacks. The ITRC says that in 2021 there were more cyber-attack-related data compromises than all data compromises in 2020.
Phishing and related attacks – such as smishing (phishing lures sent via SMS messages) and business email compromise (phishing messages sent under the guise of being a colleague or supervisor) – were the most common primary causes of data breaches in 2021. Ransomware was not far behind, and malware was the third most common cause of data breaches. The ITRC predicts that at the current growth rate, ransomware attacks will overtake phishing in 2022.
About a quarter of the data breaches were the result of cyber attacks for which the method is not known.
Security incidents are not always malicious – people are prone to make mistakes. The most common error resulting in data breaches in 2021 was a well-known one: someone emailed sensitive information to the wrong person. A salesperson may accidentally send a customer list to someone outside the organization who has the same name as the intended recipient. Or an employee may not have realized who was on the recipient list when replying to everyone, accidentally sending proprietary information outside the organization.
Configuration errors were the primary cause of more than one-third of the data breaches that resulted from errors. This includes both errors in configuring firewalls – allowing attackers access to internal systems that should not be visible from outside the organization – and cloud systems and servers that were incorrectly configured to allow unauthorized access. Gartner predicts that incorrect configuration will cause 99% of all firewall breaches through 2023.
On the other hand, physical attacks appear to be declining, with 51 incidents occurring in 2021, down from 118 in 2019. This may have had more to do with the second year of the pandemic, when people were still restricting their physical activity. Many people are still working remotely, and the rise of online shopping and delivery services means there is less chance of an attack that requires the victim to be physically present, such as a payment card scam or device theft.
The ITRC says 294 million people were victims of data breaches in 2021.