CUbroadcast

New Analysis Reveals Number and Severity of Known Data Breaches in 2022 is Nearly Double What’s Been Reported

2/15/2023

Last month, the Identity Theft Resource Center (ITRC) reported that the overall number of publicly reported data breaches in 2022 remained at a steady high (1,802 incidents), coming up just shy of the record high of 1,862 incidents reported in 2021. Further analysis of the ITRC data by Sontiq, a TransUnion company, reveals the number of entities compromised by those 2022 breaches reached 3,495* — nearly twice the number of publicly reported breaches.

Jim Van Dyke, senior vice president of innovation at Sontiq, explains that Sontiq’s calculation is based on how the company’s proprietary algorithm accounts for breaches at third-party vendors, also known as supply-chain attacks. Of the publicly reported incidents, half were third-party breaches that gave attackers access to the data of companies served by the breached vendor.

Sontiq’s analysis shows 3,495 compromised entities in 2022, of which 1,745 originated from a third-party data breach. This is a nearly 45% increase over the 2,417 compromised entities Sontiq analyzed in 2021 and a year-over-year increase in third-party breaches of more than 220%.

Van Dyke, who has served as an expert harms witness in some of the country’s largest data breach litigations, noted that cybercriminals are pursuing supply chain attacks for a higher return on effort.

“By focusing attacks on the accounting, payroll or administrative firms that serve multiple clients, a single breach can give an attacker access to the data of multiple organizations at once, including customer and employee records,” he said.

Third-Party Breaches Getting More Severe

Van Dyke noted that the severity of third-party data breaches, as measured by Sontiq’s BreachIQ AI algorithm, is also trending higher. BreachIQ analyzes more than 1,300 factors to assess the severity of a data breach and assigns a unique Breach Risk Score on a scale of 1 to 10 for each incident. The algorithm also identifies the primary risks associated with a breach, as well as recommended protective action steps specific to that breach.

In examining the average Breach Risk Score year over year, the severity of third-party breaches increased 10% in 2022. Meanwhile, the severity of primary breaches increased a mere 2%.

Higher-Risk Data Breaches Warrant Quicker Action by Consumers

According to Van Dyke, individual data breaches that score higher than 4 warrant stronger action from those affected due to the potential risks. (Consumers can check on the severity of any publicly reported breach on the Sontiq website.)

“When a data breach reaches a score greater than 4, typically several pieces of sensitive personal information have been compromised,” said Van Dyke. “This greatly increases the odds of serious identity theft and fraud scams, which give criminals direct access to a victim’s workplace or personal financial, medical and social accounts.”

That said, Van Dyke added that even low-scoring breaches can be dangerous because cyber thieves are willing to work harder to access a victim’s financial accounts. When criminals obtain less-sensitive information in a data breach, they often use social engineering techniques to extract more personal information to gain direct account access or commit payment card and peer-to-peer (P2P) payment fraud.

A free online tool is available at www.sontiq.com/breachiq/#search-breached-organizations for anyone who wants a risk score and recommended actions for a particular data breach.

* The ITRC’s figure is based on the number of initially breached organizations, while Sontiq includes entities whose data was exposed by the initial breach. Both are considered valid breach counts by the industry. Sontiq believes its approach provides more value to protecting organizations and consumers from potential data compromise.

Author: Mike Lawson
