There were 1,903 publicly disclosed data compromise events in the first three months of the year, exposing over 1.9 billion records, according to Risk Based Security.
No other first quarter has seen this level of activity, putting 2019 on pace to be yet another “worst year on record” for the number of publicly reported breaches.
“The number of data leaks – both in the form of open, unsecured services and credentials leaks – reached new levels this quarter,” commented Inga Goddijn, executive vice president and head of Cyber Risk Analytics.
“Researchers are increasingly going public when they discover sizable, unprotected databases containing sensitive information and unfortunately, they aren’t terribly difficult to find when you know where to look.” The report finds that 67.6% of records compromised in Q1 were due to exposure of sensitive data on the Internet.
A particular area of interest for the research team is breach event timelines. Throughout 2018, the QuickView Reports focused on analysis of the time interval between the date an incident is first discovered by the breached organization, to the date the incident is first publicly disclosed.
Initial research indicated the gap between discovery and disclosure incrementally shrank from 2014 though the first quarter of 2018, but stalled for the remainder of the year.
This lack of improvement prompted a new focus for 2019: digging deeper into the factors that may be influencing why some organizations are quicker to disclose a breach than others. This quarter, analysis focused on whether there is a correlation between discovery method and time to disclose.
The theory being, organizations that are better able to detect a breach will also be better positioned to respond swiftly.
In an interesting twist, the data did indeed show there is a correlation between discovery method and time to disclose, but it was not the expected outcome.
In Q1 2019, organizations that were alerted to the event from external sources – such as law enforcement, researcher or customer reporting, fraud monitoring or actor disclosure – were on average 31 days quicker to publicly disclose the event than organizations that learned of the incident through internal sources.
“Clearly our hypothesis, that organizations finding their own breaches will report them faster, was dead wrong this quarter,” commented Ms. Goddijn.
“We will be following this metric closely throughout the year. For now, it’s too early to say whether the result we found for this quarter is an outlier or a fairly typical outcome.”