The Q1 2018 numbers are in, and while it might be an overly optimistic conclusion, the breach landscape could be changing. Risk Based Security recently released its Q1 2018 Data Breach QuickView Report. The report compares the numbers from Q1 2017 and Q1 2018, which doesn't take into account the massive Equifax breach from September 2017.
According to the report, 686 breaches were reported between 1 January and 31 March. Approximately 1.4 billion records were exposed, indicating a shifting breach landscape with the number of reported breaches down from 1,442 incidents in Q1 2017. The approximate number of total exposed records is down from 3.4 billion.
Additionally, the number of disclosed instances of phishing for employee W-2 data dropped from 214 in Q1 2017 to 31 in Q1 2018.
“Over the past two years it's been very popular to target data for filing fraudulent tax returns. In 2017, we tracked over 200 such incidents. This year, the number is down significantly – to around 35 such breaches at the time the numbers were put together,” said Inga Goddijn, executive vice president Risk Based Security.
Of the reported total breaches, 50.4% were in the business sector with government at a distant second, accounting for only 14.4%. Medical (10.2%) and education (7%) trailed far behind. Fraud topped the list for type of breach to compromise the most records. Accounting for 1.3 billion exposed records during the quarter, fraud was only the seventh most common breach type, representing 4.8% of reported breaches.
The leading cause of breaches for the quarter was unauthorized intrusion, accounting for 38.9% of incidents, which exposed 10.9% of the total breached records, or 159 million records.
“Right now the biggest difference is the drop in the number of publicly disclosed breaches. We haven't seen a Q1 this quiet since 2012,” said Goddijn. “We also think the shift toward cryptomining is possibly easing some of the attention on data theft. It's still too early to say for sure, but it does go to show [that] malicious activity will follow the best opportunities for making a profit.”
Who is being impacted by the breaches has changed very little. Goddijn noted there have been no sizable changes in the type of organizations being breached, the type of data that is being exposed, the number of large events, insider vs outsider activity, breach severity scores or where breaches are taking place.
“We would have expected other sizable shifts to be evident along with the drop in the number of breaches but that is not the case,” Goddijn said.