Recent years have witnessed a surge in the number of data breaches, causing a massive financial hit to businesses worldwide. However, the digital transformation fuelled by the COVID-19 has only increased the number of malicious cyberattacks, bringing a new threat to companies handling sensitive data.
According to data presented by Aksje Bloggen, the healthcare, finance and information industry, as the three sectors most targeted by cyberattacks, accounted for one-fifth of all reported data breaches last year.
Social Engineering the Most Used Pattern in Data Breaches
Over the past decade, the cyber threat has grown exponentially, with cybercriminals increasing the scale, scope, and level of sophistication of their cyber attacks. Although companies and organizations worldwide increased their cybersecurity budgets, data breaches are still causing them huge financial losses.
In recent years, the global average cost of a data breach has fluctuated between $3.5 million and $4 million. In 2020, it hit $3.86 million, a 1.5% drop year-on-year, revealed the Ponemon Institute’s Cost of a Data Breach Report. The report also showed it usually took 280 days for an organization to spot and contain a breach, a day more than a year ago. However, these figures vary significantly based on industry.
Last year, companies and organizations worldwide reported 5,258 data breach cases, revealed the Verizon’s 2021 Data Breach Investigations Report.
Over 470 data breaches happened in the healthcare industry. Finance and the information industry followed with 467 and 381 cases, respectively. Statistics show that education services and manufacturing also ranked high on this list, with 344 and 270 reported data breaches last year.
The construction industry, administrative services, and agriculture sector were on the other side of the list, with 30, 19, and 16 cases, respectively.
The survey also revealed that, as in past years, financially motivated attacks continue to be the most common, while social engineering was the most uses pattern in breaches. Phishing is responsible for the vast majority of violations in this pattern, with cloud-based email servers being a target of choice. Business Email Compromises (BECs) were the second most common form of social engineering.
Two Largest Data Breaches in 2021 Exposed 753 Million Records
Although companies and organizations worldwide continue increasing their cybersecurity budgets each year, cyber attacks and data breaches continue to be one of the most significant risks in the business sector.
The two largest data breaches in 2021 exposed a total of 753 million records, according to DataBreaches.net statistics. In April, the personal data of over 500 million Facebook users were posted in a low-level hacking forum.
The exposed data included phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses of users from 106 countries, including over 32 million records on users in the United States, 11 million on users in the United Kingdom and 6 million on users in India.
Three months before that, Brazil experienced one of its biggest data leaks, involving the personal data of more than 220 million people and 40 million companies, probably stolen from the information and data services company Serasa Experian.
The exposed data included personal ID numbers, dates of birth, and full names of nearly all of the Brazilian population, credit scores, income, and other financial information, telephone service registration data; information on schooling, social payment benefits and LinkedIn information.
