
ITRC Q1 2024 Breach Report findings: A few surprises
The Identity Theft Resource Center (ITRC) has released its Data Breach Analysis for the first quarter of 2024, and some of its findings will be surprising to anyone who’s been following cyberthreat trends.
A valuable resource
For those who don’t know, the ITRC is a nonprofit organization “established to empower and guide consumers, victims, business, and government to minimize risk and mitigate the impact of identity compromise and crime.”
It provides a wealth of resources including education about how to avoid identity theft and how to respond when it occurs, along with live, direct assistance and guidance to victims at no cost.
And for cybersecurity professionals, its quarterly and annual reports are an invaluable source of up-to-date information about current trends in the threat landscape, enabling them to adjust their security practices to address the most salient risks.
Q1 2024 key findings
The latest quarterly report includes a lot of interesting information. Some of it is good news, some of it is worrisome, and all of it is useful to anyone in a cybersecurity leadership position. Here are some of the highlights.
Compromises up; victims down
The total number of compromises the ITRC recorded nearly doubled compared to Q1 2023, from 442 to 841. This is pretty dramatic, especially considering that the number in Q1 2022 was 404, only 10% less than the following year. This may reflect the increase in the use of AI to make attacks more targeted and effective, as well as to increase the number of attacks launched.
Interestingly, however, the total number of victims — that is, individuals whose data was compromised — saw a very significant drop, to 28.6 million compared to 100.7 million in Q1 2023. This is consistent with the increasing use of precisely targeted attacks as opposed to the “spray and pray” techniques of earlier years.
For cybersecurity professionals, this increase in the use of sophisticated, highly targeted attacks is an indication that traditional security measures, including the use of password-based access controls, offer inadequate protection. It’s imperative that organizations move quickly to adopt more advanced security measures, including AI-based threat detection and a Zero Trust architecture.
Finance bumps healthcare from top spot
For the first time in years, the healthcare industry did not record the highest number of compromises, yielding the top spot to financial services. Both industries saw significant increases over Q1 2023. But healthcare’s jump from 81 to 124 compromises is much smaller than the overall increase of nearly 90%, whereas financial services compromises soared from 70 to 224, a massive increase.
What might this mean? Well, for a long time healthcare had relatively poor security overall, which no doubt contributed to its attractiveness as a target. At the same time, financial services have traditionally invested more than many other industries in security.
It may be that healthcare organizations have now rectified their previous security deficits. So cyber crooks may well reason that, if it’s no easier to penetrate healthcare networks than finance networks, they’d be better served to attack the latter. After all, as Willie Sutton’s (likely apocryphal) quotation has it, “that’s where the money is.” In any case, financial services organizations would do well to urgently audit their security infrastructure with an eye to hardening it.
More notices; less info
One rather dismaying finding is that organizations are far less forthcoming in their notifications than in the same period last year. In Q1 2023, more than 50% of cyberattack-related breach notices included information about the root cause of the breach. In Q1 2024, that number dropped to less than one third.
This is frankly disappointing. It’s understandable that breached organizations want to minimize the reputational damage that might come from publicizing the causes of a breach. However, in today’s rapidly evolving threat environment, effective security depends ever more on the timely sharing of information about successful attacks. The decision to place individual cost reduction above the collective security of an entire industry makes everyone less secure in the long run.
Given this reality, organizations would do well to strengthen their ability to conduct post-attack forensic analysis and to improve visibility across their IT infrastructure.
Get the full report
There’s plenty more interesting and actionable information packed into this brief, easy-to-digest report. It’s free to download in PDF format from the ITRC’s website, although you’ll have to submit your name and email address to do so. Get your copy now.
