The studies are out, the results are in, and according to Risk Based Security, this year is trending to be the worst ever for data breach activity. We are now almost three quarters of the way through 2019, and by now the number of breaches is up 54% over 2018, totaling 4.1 billion exposed records in 3,800 breaches (3.2 billion of which were compromised from only 8 breaches before the year is even over).
All the evidence in the report thus indicates this upward trend. This tracks with other research, such as that from F-Secure. This company’s Attack Landscape H1 2019 report has revealed a similar growth in the proliferation of cyber attacks against Internet of Things (IoT) devices. To conduct their study, the company used a global network of honeypots—dummy servers that appear as standard hardware to bait attacks, which can then be examined from a safe environment. Upon completion, the researchers discovered that the number of attacks from January through June was twelve times higher than it was during the same period last year. 2.9 billion events were measured in total, the first time this method “has ever hit the billion mark.”
Automated threats accounted for 99.9% of all strains found in the honeypots. The highest sources of all attack traffic were in China, the US, Russia and Germany, representing an increased risk of nation-state level actors conducting cybercrime campaigns on a large scale. Leveraging any number of compromised IoT devices, for which security is still often an afterthought, could allow malicious actors into networks containing all the sensitive information they could want. The benefit of the scattershot approach taken here is potentially great reward for very little effort. Especially since all that has to happen for success is poor security in a connected device, or a user unwittingly activating the trap with a clickthrough or an install.
There is no shortage of vulnerabilities waiting to be exploited. Even Google Chrome was revealed a couple of weeks ago to have a flaw that would allow hackers to view, alter or delete sensitive data. Though quickly patched, it just goes to show how entities of all sizes are not invulnerable. If 2019 is to see the most data breach activity ever, that is important for everyone to keep in mind as they try to mitigate their risks and keep their systems secure.