Each week we look at the most recent events and trends related to data security and privacy. As we move further into the new year, we’re getting a better picture of just how bad 2021 was when it comes to cybersecurity – and in ten days, we’ll find out how many data compromises we suffered last year. With report after report, year after year pointing to little or no progress against cybercrimes, it begs a question that Shakespeare raised in Hamlet, giving us today’s episode title, “We know what we are, but know not what we may be.”
What We May Be
Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for January 14, 2022. Our podcast is possible thanks to support from Experian. Each week, we look at the most recent events and trends related to data security and privacy. As we move further into the new year, we’re getting a better picture of just how bad 2021 was regarding cybersecurity – and data breaches and cyberattacks on the rise. In ten days, we’ll find out how many data compromises we suffered last year. With report after report, year after year pointing to little or no progress against cybercrimes, it begs the question that Shakespeare raised in Hamlet, giving us today’s episode title, “We know what we are, but know not what we may be.”
Data Breaches and Cyberattacks on the Rise
For the purposes of today’s discussion, we know data breaches and cyberattacks are on the rise. Just how high can they go? Let’s start by looking at the number of cyberattacks reported by a leading cybersecurity provider, Check Point. Although the statistics reported by the company only reflect the experience of their customers, it’s reasonable to conclude the findings can be broadly applied – they are a big enough company, and they do business around the world.
Findings from Latest Check Point Report on Cyberattacks
What are the findings? Attempts to compromise corporate networks doubled in 2021 compared to 2020. In practical terms, that means an average customer saw 925 cyberattacks per week or nearly six attempts per hour.
However, that’s an overall average number. When you break the numbers down by individual sectors, the numbers move from interesting to eye-popping. For example, the most attacked companies among Check Point’s customers were in the Education sector. They saw a 75 percent increase in attacks to nearly ten attacks per hour in 2021. Attacks against healthcare providers increased 71 percent; utilities 46 percent; and manufacturing 41 percent.
In the case of education and healthcare, the attacks were mainly aimed at accessing customer information that could be held for ransom or sold to identity criminals. For utility companies and manufacturers, the attacks were often aimed at interrupting their business in hopes of getting a large ransom payment.
Check Point claims they blocked all of the attempted attacks outlined in their report. However, we know that is not true of every cyberattack at every company. Cybercriminals have a wide variety of tools and techniques at their disposal – from phishing and ransomware to malware and exploiting cyber habits.
Record Number of Software Flaws in 2021
One of the ways cybercriminals successfully attacked organizations, leading to data breaches and cyberattacks on the rise, is through software flaws. We talked last week about a widely used piece of open-source code that has been described as the most serious software vulnerability ever.
How many known software flaws are there? First, the number of known flaws also set a record in 2021. The list of known software bugs – officially referred to as the National Vulnerability Database – grew by almost ten percent last year to 20,138 newly discovered flaws. That means, on average, a new software bug was found every 26 minutes. Not all of them were serious flaws. However, each one represents an opportunity to compromise an organization’s systems and put the data held there – including customer information – at risk.
ITRC 2021 Annual Data Breach Report
We’ll talk more about data risks in two weeks after the ITRC publishes its 2021 Annual Data Breach Report on January 24. We’ll present the findings at a virtual conference we’re co-hosting with the Better Identity Coalition (BIC) and the FIDO Alliance. Visit the Events page on our website to learn more.
Contact the ITRC
If you want to learn more about how to protect your personal information or if you think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone (888.400.5530), chat live on the web or exchange emails during our normal business hours (Monday-Friday 6 a.m.-5 p.m. PST).
Next week, it’s the first episode of the new year for our sister podcast, The Fraudian Slip. Join us for a conversation with ITRC CEO Eva Velasquez and Kelly Slaughter of the Federal Trade Commission (FTC).
Thanks again to Experian for supporting the ITRC and this podcast. We will be back in two weeks with another episode of the Weekly Breach Breakdown.
Also In Season 3
The Weekly Breach Breakdown Podcast by ITRC - Not Your Parents' FTC - S3E14Welcome to the Identity Theft Resource Center’s Weekly Breach Breakdown for May
The Weekly Breach Breakdown Podcast by ITRC - Selling Yourself - S3E13Welcome to the Identity Theft Resource Center’s Weekly Breach Breakdown for May
The Fraudian Slip Podcast ITRC - BiometricsWelcome to the Fraudian Slip…the Identity Theft Resource Center’s podcast, where
The Weekly Breach Breakdown Podcast by ITRC - The Nutmeg State - S3E12Welcome to the Identity Theft Resource Center’s Weekly Breach Breakdown for May