On Jan. 24, 2022, the Identity Theft Resource Center (ITRC) released its 16th Annual Data Breach Report covering the scope of data compromises in 2021, and the insights are more than a little troubling. Last year, the overall number of publicly reported breaches reached 1,862, breaking the record of the previous all-time high of 1,506 in 2017 by 23%. This number also represents a 68% increase in reported compromises compared to 2020. With a litany of high-profile cyberattacks occurring last year, from CNA Financial to Colonial Pipeline, we're likely witnessing the beginning of an unsettling trend in cybersecurity threats. To help arm organizations with the knowledge they need to address and prevent data breaches, here are the main highlights from the 2021 data breach report and what the future of organizational cybersecurity looks like in 2022.
Highlights from the 2021 ITRC data breach report
Cyberattacks are on the rise
Although the ITRC's report covers all types of leaks and breaches, cyberattacks were by far the most common cause of compromises. In fact, 2021 had a total of 1,613 incidents related to cyberattacks alone, compared to 1,108 total incidents in 2020.
Ransomware becomes increasingly common
Ransomware continues to be a significant attack vector, with the number of related breaches doubling every two years. At this rate, ransomware attacks are expected to become the greatest threat to cybersecurity in 2022, surpassing phishing as the number one cause of data breaches.
Sensitive information incidents are growing steadily
While the percentage of events involving sensitive data, such as Social Security numbers and other personally identifiable information, is increasing year over year, it remained below 2017's record high of 95%. There was only a 3% increase between 2020 (80%) and 2021 (83%). However, the number is still on the rise.
The number of victims decreases
In positive news, the total number of victims affected by data breaches decreased by 5% in 2021 compared to the previous year. This statistic represents a larger trend in cybercrime as threat actors shift their approach away from targeting vast, indiscriminate amounts of data. It's also important to note that the number of people whose data gets compromised multiple times a year remains high.
Breaches increase across all sectors
Aside from the military, which doesn't publicly disclose data breaches, every sector has seen a growth in the number of data compromises year over year. The manufacturing & utilities sector had the most significant increase in 2021 at 217% over the previous year.
What did Q4 look like for 2021?
The ITRC's previous data breach report for Q3 of 2021 had some already concerning statistics. By Q3, the number of reported incidents had already surpassed the whole of 2020, and Q4 was no exception to this trend. From October to December alone, there were a total of 501 cyberattacks impacting over 3.5 million people, the largest number of any quarter before.
Looking forward to 2022
In a press release provided by the ITRC, Eva Velasquez, president and CEO of the non-profit, said, "The number of breaches in 2021 was alarming … There is no reason to believe the level of data compromises will suddenly decline in 2022." Moving forward, Velasquez urges organizations to take a proactive approach to their "cyber-hygiene" in order to protect customer and company data. This starts by assessing the current threats posed by cybercriminals and creating plans to address security issues.
Cybercriminals shift focus
As previously mentioned, threat actors are moving away from mass data acquisition, a trend that has decreased the total number of victims impacted by data breaches. Instead, these cybercriminals are now targeting specific types of data.
Exploring root causes
Of the 1,613 breaches and data exposures that occurred in 2021, ransomware was the root cause of 350 of these attacks, or 22%. Phishing made up 33%, or 537, of these attacks and remained the most prevalent vector used by hackers. However, the exponential rate of ransomware attacks will likely position it as the most significant root cause of data compromises in the coming year. Other primary root causes include malware at 9% and non-secured cloud environments and credential stuffing at around 1% each.
Consumer breach notices
The ITRC report also found that many consumer breach notices lacked valuable or actionable information. The lack of transparency or any consistent updates puts consumers at a disadvantage when it comes to effectively judging risks and taking actions to protect themselves. That's why the ITRC is launching a free data breach alert service in 2022.
According to Velasquez, "Too many people found themselves in between criminals and organizations that hold consumer information. We may look back at 2021 as the year when we moved from the era of identity theft to identity fraud."
Taking action
When it comes to securing your business, Inventu is here to help. We offer a powerful terminal emulation tool that will improve your organizational cybersecurity and protect against breaches.
Here at the Inventu Corporation, we equip organizations of all sizes with a revolutionary web terminal emulation tool called Inventu Viewer+, a high-performance emulation solution that is built with C at its core. Inventu Viewer+ supports SAML 2.0 and other identity technologies to enable securing your critical mainframe applications. This allows the deployment of reliable and safe software using clean HTML and JavaScript hosted on secure Windows servers. All in all, the Inventu Viewer+ web terminal emulation meets employer and staff expectations in a way that feels both familiar and simple. Contact us today and see how Inventu can help you integrate your active terminal emulation with the best web identity frameworks available.