Companies are reporting fewer data breaches in 2020. This would appear to be excellent news – it means structural security changes from 2019 have been making an impact and protecting companies from data breaches. There are several factors that might be contributing to the low numbers of reported breaches – and the number of records compromised is much more dismal. Before we get our hopes up that data breaches are on the decline, let’s take a look at some of the factors involved. One thing is certain: security measures should still be as firm as possible.
Covid-19 and other events
State data on data breach numbers is lagging. Data breach reporting is not a high priority in the midst of all the other events and problems individual states are dealing with currently. Much attention is directed elsewhere, but recent events show that data breach protection is still necessary.
Working from home may be impacting companies’ ability to discover breaches, or at least their speed in doing so. The latest statistics reveal that it takes a whopping 280 days to detect and contain a breach. This means that some breaches that have been occurring since May will not be mitigated until next year. This number is already high, and it may be changing moment by moment. Especially when employees use their own devices, or if their home Wi-Fi does not have adequate security, the company might be unequipped to detect some types of breaches. Employees’ ability to discover a breach may be further limited by lack of training in data security, and by not knowing what the warning signs are.
Increased number of records compromised
There is an extreme increase in the number of records that were exposed this year – over 27 billion in total. The combination of fewer reports and higher number of exposed records is due to the fact that three breaches accounted for the vast majority of the total number of records. Even though the 27 billion records were not more evenly distributed between breaches, it is alarming that three breaches could expose such a huge amount of personal data.
Data breach severity
While the disparity between breaches and exposed records is mostly due to a few outliers, the severity of data breaches is also on the rise. The severity of a breach involves the type of breach, type of data compromised, and the people affected. As cybercriminals are getting more efficient and effective, companies experience malicious breaches that affect more people and data.
While working at home and spending more time on their devices in general, people are more often exposed to cybersecurity risks like phishing, ransomware, hacking, and hardware threats. Scammers and other cybercriminals are having more successes, taking advantage of people’s fears to get access to their personal data, and using stolen credentials to access more data records from their company. Regardless of whether the number of data breaches has gone down, we still need to take the risks seriously and take action to reduce them.
The truth is that when it comes to cyber threats and data risks, there are a lot of unknowns. The fact that it takes 280 days to detect and contain a data breach is reason enough for concern. Such a long incubation period for an attack means that companies could be compromised and go a full three quarters of a year without addressing it. The best course of action for any organization is to fix any holes in security immediately – internet security, hardware security, training and guidelines for employees, remote management software, product vetting, and security auditing.
Sign Up Now For a Free 30 Day Trial
We can tentatively hope that data breaches are truly declining, but that does not mean security can be relaxed. Fewer breaches in 2020 means security efforts implemented in 2019 are having an effect. The higher number of exposed records indicates that more security is still needed, especially for big companies that have millions of records at risk. This Cyber Security Awareness Month, do your part to protect the private data that customers, patients, and employees entrust to your company. #BeCyberSmart.
DriveStrike provides device and data security for all the devices you manage. Remotely lock, locate, encrypt, reboot, and wipe devices to prevent data breaches. DriveStrike works on all major platforms – the DriveStrike command center includes the ability to manage Windows BitLocker encryption keys, as well as advanced configuration for Android devices. Sign up for a free trial to start protecting your devices and data today! Give us a call at 877-375-2468 if you have any questions about DriveStrike or data breach protection in general – we are here to help you 24/7.