How do you follow up on an unprecedented year for data breaches? With another unprecedented year. After hackers took advantage of the pandemic-caused chaos of 2020, a new report from the Identity Theft Resource Center suggested that cybercriminals have actually increased their efforts in 2021 — demonstrating that even the most secure organizations need to constantly be on high alert for vulnerabilities.
An unprecedented quarter
Some of the numbers in the ITRC report are daunting. Through the end of the second quarter of 2021, the U.S. is on pace to see more reported data breaches than ever before, surpassing the current high of 1,632 separate instances in 2017.
In addition to the year-to-year change, the ITRC found that attacks have been on the rise as 2021 has gone on. The second quarter of the year, for example, saw a 38% increase in attacks from Q1, with a total of 491 indictment compromises from April to the end of June. Whether Q3 and Q4 follow a similar pattern remains to be seen, but if the trend continues the results would be catastrophic. Even if the number simply stays at the current annual average, rather than eclipsing that threshold, the total number of attacks will still surpass the 2017 mark.
The report did offer one silver lining, however. While the overall number of data breaches is on the rise, the number of individuals impacted by each one has actually gone down. If the numbers from the first half of the year hold, 2021 could see the lowest number of harmed individuals since 2014.
The ITRC lays out three categories of cybercrime that have seen the most growth and had an outsized impact on the total number of data breaches: Phishing, ransomware and supply chain attacks. Some of the most impactful of these data breaches of the first half of 2021 include:
- A July 4th to remember: Thousands of small business owners returned from their July 4 holidays to discover that the Russia-based hacking group REvil had performed a massive supply chain ransomware attack. The group is requesting a total ransom of $70 million in exchange for a decryptor key that will allow victims to regain access to their files.
- Pipeline problems: Usually when the population at large feels the impact of a data breach, it's because customer information was exposed (like in the infamous Equifax data breach). Not so in this ransomware attack on the Colonial Pipeline. Hackers were able to shut down the company's billing systems, requiring it to stop the flow of gas across the southeastern U.S. This caused notable shortages and a run on pumps across the region.
- The Accellion debacle: Some of the largest law firms, universities and government organizations in the country found that their sensitive data had been left out to dry after a popular file-sharing service called Accellion was hacked. The program in question was over 20 years old.
Cybersecurity you can trust
One of the easiest and most important ways to shore up your network is by ensuring all of your applications are protected by modern, secure identity frameworks. This can include multi-factor authentication, and some vendors are even moving to integrate biometric recognition technologies such as fingerprint readers.