As technology becomes the first and the last frontier of the 21st century, many individuals and organizations exploit the advent of the internet to wreak havoc on people at different levels. As the internet becomes more accessible to most people in the world, a research study has revealed that 2019 may be the “worst year in the record” for the number of reported and disclosed data breaches and leaks all around the world.
The report was published by Risk Based Security (RBS), a technology firm focused on cybersecurity, in their Q1 2019 Data Breach QuickView Report. The said report is an investigation of the different minor and major data breaches that were reported from January to March of 2019.
It was revealed by the Risk-Based Security on May 7th that there were 1,904 publicly disclosed data breaches in the first three months. Aggregately, the breaches were able to expose more than 1.9 billion records which include but are not limited to names, passwords, email addresses, credit card information, phone numbers, and IP addresses.
RBS is a tech company that provides information and analysis on disclosed and publicly available data breaches, vendor risk ratings and vulnerability. The organization conducts a quarterly review of all the publicly disclosed data compromises and aggregates them to gain insight into the state of the world’s cybersecurity.
According to the press release by the tech firm, there is “no other first quarter [that] has seen this level of activity.” The massive increase in the number of publicly available and reported cases of data compromise compels the firm to infer that 2019 could be another “worst year on record.”
Executive Vice President (EVP) and head of Cyber Risk Analytics (CRA) at the Risk-Based Security Inga Goddijn said in a comment of the report that “the number of data leaks – both in the form of open, unsecured services and credentials leaks – reached new levels this quarter.
“Researchers are increasingly going public when they discover sizable, unprotected databases containing sensitive information and unfortunately, they aren’t terribly difficult to find when you know where to look.”
According to the said report, 67.6% or three quarters of the records that were compromised and leaked in the first quarter of 2019 between January and March were due to “exposure of sensitive data on the internet.”
One notable element of the study is the data breach event timeline. According to the researchers from Risk-Based Security, they have analyzed the gap between the time a breached organization discovers that they have been compromised and the time that they publicly disclosed the event to warn their users, employees, and other relevant parties, and they have found out that while the gap has already shrunk from 2014 through quarter one of 2018 but stalled for the remainder of the year. This means that the time it takes for an organization to publicly disclose a data compromise event from their discovery did not improve since the first quarter of 2018.
The time that it takes for a company to disclose a data breach is essential in fighting against cybersecurity risks and hackers as the tech firm suggested in their press release. According to them, they wanted to fight out if there is a correlation between the discovery method of the breach and the time to disclose.
“The theory being, organizations that are better able to detect a breach, will also be better positioned to respond swiftly,” wrote Risk Based Security.
While the researchers did not expect to find a correlation in the results, they surprisingly were able to correlate the discovery method of the breach to the time to disclose. According to the results, organizations that discover the breach from external sources (law enforcement, independent white hat hackers, etc.) are more likely to respond quicker than those that internally found the data compromising event. Quantitatively, external discovery will prompt the organization to disclose the breach 31% faster than internal discovery.
“Clearly our hypothesis, that organization finding their own breaches will report them faster, was dead wrong this quarter,” Goddijn added.
The organization said that they would be basing their future results on the interesting data they uncovered in the first quarter of 2019. It is interesting to know whether the overwhelming information is an outlier or that it is really a “typical outcome.”