Ci spiace, ma questo articolo è disponibile soltanto in Inglese, Russo e Ucraino.
Over 20 billion data records lost or stolen in 2020
In 2020, there were recorded 1,120 breaches and cyber attacks. Most of these incidents were reported by the world’s major media and accounted for 20,120,074,547 breached records.
The number of disclosed incidents that occurred in the second half of the year shows the impact that COVID-19 has had on organizations. Besides, there was a 50% increase in breached records compared to 2019.
What`s the biggest concern?
Researchers have distinguished between breaches caused by hackers and those that are the result of an organization leaking data by mistake. Thus, the report of itgovernance.co.uk shows how security incidents happen and who is to blame.
Usually, there is a relatively even split between the number of cyber attacks and accidental breaches, yet not in 2020.
The number of data breaches is consistent (349 reported), whereas the number of cyber attacks has grown up to 771 incidents.
The reason is the pressure put on organizations due to COVID-19 and transfer to a remote workplace. Employees are more and more reliant on technology to communicate and share information, creating opportunities for attackers.
How organizations exploited
Often organizations don’t always know the cause of a security incident when it is disclosed or reported.
However, ransomware is the most prevalent cause, with 289 cases. This makes it by far the most common cyber attack method, ahead of system vulnerabilities being exploited (60), phishing attacks (40), and malware (33).
There were certainly more cases of each cyber attack method, but they used to be simply the initial stage of more sophisticated attacks, which are usually unnoticed.
For instance, many cybercriminals inject organizations’ systems with ransomware via phishing scams Here the ransomware is just the first step and what organizations` first focus, but it doesn’t disclose the full incident.
When it comes to the leading cause of breached records, internal errors topped the board, causing 83% of them. As a rule, these cases happen when employees send information to the wrong person, leave sensitive physical or digital files in a public place, or fail to install updates.
Internal errors are frustrating for employers, who have no one to blame but themselves: it’s their responsibility to educate staff on the security risks they might introduce and to show them how to avoid costly mistakes.
Malicious insiders are one more common cause of data breaches.
The most vulnerable sectors
For the second year running, the healthcare and health sciences sectors have been the most vulnerable. There were recorded 240 incidents, accounting for 1.2 billion breached records.
This is discouraging for both reasons because of the sheer number of records affected and the types of data involved. For instance, considering the nature of the incident, healthcare breaches can disclose medical information that may affect victims’ reputations.
Moreover, healthcare data can be used to commit fraud, launch phishing attacks and even reveal financial information.
The technology and media sectors are ranked the second most vulnerable sector, with 158 incidents and 3.3 billion breached records.
The education sector goes next, with 157 incidents and 884 million breached records. Similar to healthcare breaches, security incidents at educational organizations are extremely dangerous, as the majority of records involve children’s data.
In the UK and EU, this information is subject to specific protections within the DPA (Data Protection Act) 2018 and the GDPR (General Data Protection Regulation).
Schools faced plenty of other problems in 2020, making every effort to remain operational. This is an excuse for their failure to resolve security incidents.
Despite the fact, the education sector used to be one of the most vulnerable sectors even before COVID-19, the year 2020 became simply a continuation of an upward curve – although that’s the trend across all sectors.
Fortunately, the world returns to some level of normality in 2021, organizations will consider the importance of improving cybersecurity and take appropriate measures to better protect themselves.
