It’s hard to know whether there are more data breaches occurring than in past years but the one thing that is for certain is more of them are being reported. A report from Risk Based Security, a provider of cybersecurity risk assessments, finds in the first six months of this year there were more than 3,800 incidents reported. That’s a 54% increase in the number of reported breaches compared to the same period a year ago.
According to the report, most of these incidents involved malicious actors outside an organization. In fact, the top three types of breaches remain unauthorized access of systems or services, skimmers and exposure of sensitive data on the Internet.
The same report also notes there’s been a 52% increase in the number of exposed records. However, it’s worth noting eight breaches reported within Q1 and Q2 of 2019 accounted for 3.2 billion of those records. Most breaches don’t appear to have involved nearly as many records.In the first half of 2019, 3.2 billion records were exposed in 8 data breaches. #infosec #databreach @mvizard Click To Tweet
The number of records involved in any breach is becoming an interesting metric to track because the size of the fines being levied is rising. A new report from Juniper Research predicts the cost of data breaches will rise from $3 trillion per year to more than $5 trillion per year by 2024. That represents an 11% average annual growth rate. There isn’t a direct correlation between the size of the fines being levied but the number of records involved but breaches involving large numbers of records tend to make headlines. Once a headline gets generated, the chances the fine will be high rise substantially as regulators look to make examples of organizations in the hopes of encouraging others to focus more on cybersecurity.
Juniper is also predicting that the number of opportunities to generate headlines will increase as more business processes become digitized. The researchers are predicting there will be a 70% increase in data breaches being reported through 2024 as cybercriminals begin to compromise those processes.
More troubling still, the Juniper researchers say they expect cybercriminals to soon employ artificial intelligence (AI) tools to launch those attacks. At the same time, the Juniper Research report also notes that cybersecurity budgets are only going to rise 8% per year through 2024. Instead, the researchers say they expect to see a lot more focus on training end-users to better recognize cyberattacks versus continuing to look for a cybersecurity silver bullet that even in the age of AI may never exist.New research: Expect more focus on training end-users to recognize #cyberattacks versus continuing to look for a #cybersecurity silver bullet that even in the age of #AI may never exist. #infosec @mvizardClick To Tweet
None of this means that huge strides in terms of cybersecurity are not being made. However, those efforts may not be enough to keep pace with the increasing scope of the threat. The challenge now may be to focus more on how data is stored with an eye toward reducing the number of records that can be compromised during any single breach. Breaches are all but inevitable. However, the smaller the breach the less likely it is to attract a level of scrutiny that once it gets started becomes nearly impossible to escape.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.