Flashpoint anticipates that the final numbers will be comparable, despite the fact that the number of breaches reported in the first half of 2022 was less than those for the same period in 2021.
In addition to compromising sensitive information, a successful data breach can have a negative effect on a company by setting the stage for ransomware and other seriously damaging cyberattacks. Security company Flashpoint examines the quantity and types of data breaches reported for the first half of 2022 in brand-new research titled State of Data Breach Intelligence: 2022 Midyear Edition.
Data breaches are down 15% year over year
For the first half of this year, organizations have so far disclosed 1,980 breaches. That’s around 15% less than the first half of 2021’s volume, which suggests a favorable trend. However, statistics might be misleading, particularly since corporations don’t always report breaches promptly.
The persistent delay in breach disclosures is the key cause of the decline in data breaches, according to Inga Goddijn, VP of structured intelligence at Flashpoint. “Reporting cadences are starting to return to normal, which is wonderful news. We predict that the number of breaches will actually meet or surpass 2021 as reporting catches up.
Over the same time frame, the volume of records exposed in breaches substantially decreased, from 27.3 billion last year to 1.4 billion this year, the lowest figure since 2015. According to Goddijn, this decrease is due to a decrease in open misconfigured services and database breaches, which can result in the loss of billions of records in a single incident.
13 data breaches that compromised 100 million or more records occurred last year. There have only been three such events so far this year. The FBS Markets breach, which was discovered in March 2021 and resulted in the loss of around 16 billion records, is one instance from the previous year.
When comparing annual totals, the number of breaches increased for a number of years before declining in 2020. From 6,807 in 2017 to 7,154 in 2018, and then 7,632 in 2019, the figure increased. From there, it rapidly decreased to 4,472 in 2020 before slowly increasing to 4,630 in 2021. It is difficult to predict the total numbers for 2022 at this time, although they may be comparable to or perhaps surpass the figure for 2021.
Causes for data breaches
Hacks, which have been the most common sort of breach for the past few years, were responsible for the majority (60%) of the breaches recorded during the first half of 2022. 11% of the breaches had an unknown origin, whereas other breaches were brought on by fraud or viruses.
Around a quarter of the breaches with a clear cause happened inside the afflicted business, suggesting some kind of insider threat. Of these, the majority (61%) were attributable to data handling errors rather than willful malice. The rest, however, were brought on by activities ranging from small-scale thefts of client credit card information to thefts of cutting-edge technology and confidential source code.
Flashpoint examined the sorts of data stolen in breaches during the first half of the year and discovered that names and social security numbers were the most commonly breached data. Addresses, financial information, dates of birth, account information, medical information, email addresses, credit card numbers, and passwords were among the other sorts of data discovered in breaches.
Avoiding a data breach
How can businesses effectively guard against data breaches? Flashpoint provides some advice.
To start, you must confirm that the databases you use are safe and resistant to intrusion and compromise. Second, you must have robust vulnerability and patch management processes, particularly if you rely on any kind of open data, like the National Vulnerability Database maintained by NIST or the Known Exploited Vulnerabilities Catalog maintained by CISA. Organizations must be able to address security flaws that harm their assets as hacking was responsible for more than 60% of reported breaches.