Breach Notification , Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime

Data Breach Culprits: Phishing and Ransomware Dominate

Unauthorized Access and Malware Also Among Top Causes, UK Privacy Watchdog Reports
Data Breach Culprits: Phishing and Ransomware Dominate
Overview of personal data breach reporting requirements (Source: U.K. Information Commissioner's Office)

Phishing, ransomware and unauthorized access continue to be the leading cyber causes of violations of data protection rules and personal data breaches, Britain's privacy watchdog reports.

See Also: Modernizing Malware Security with Cloud Sandboxing in the Public Sector

The Information Commissioner's Office, which enforces the country's data protection laws, including compliance with the General Data Protection Regulation, says it received 2,425 reports of security incidents in the first quarter of 2021. The quantity of reports has remained relatively steady for numerous quarters, barring a dip at the beginning of the coronavirus pandemic - from April to June 2020 - when the total number of reports was just 1,446.

While Britain is no longer part of the EU, the U.K.'s GDPR nevertheless still requires organizations that process or store Europeans' personal information to report data breaches affecting Europeans to a relevant authority within 72 hours.

Source: ICO

Failure to comply exposes organizations to fines of up to 4% of their annual global revenue or 20 million euros ($24.5 million) - whichever is greater. Violators also can have their ability to process personal data revoked.

Comparing Q1 of 2021 with Q4 of 2020, for breaches that traced to a cybersecurity cause, phishing attacks and ransomware attacks continue to dominate. The next most common cause of cybersecurity breaches was "other," followed by unauthorized access, which declined by 70% from the prior quarter. The next most common cause, malware, rose by 43%, from 24 to 46 incidents.

Source: ICO

For breaches that traced to a non-cyber cause, emailing, mailing or faxing personal data to the incorrect recipients continued to be the leading culprit. Loss or theft of paperwork or data left in an insecure location - and to a lesser extent, devices containing personal data - was another common culprit.

As the ICO notes: "These figures are based on the number of reports submitted by the data controller, not necessarily the number of incidents."

Underreporting Remains Common

Britain's National Crime Agency says that cybercrime continues to be underreported to the ICO and to law enforcement agencies.

"Despite an obligation to report data breaches to the Information Commissioner’s Office, underreporting and inaccurate estimates continue to impact our ability to understand the true scale and cost of cybercrime to the U.K.," the NCA says in its new National Strategic Assessment of Serious and Organized Crime 2021 report.

"This is partly because of low rates of awareness, monitoring and understanding of the costs associated with cyber breaches," it says. "In some cases, victims are reluctant to report because of potential reputational damage or uncertainty over what needs reporting and to which agencies."

Comparing the 12 months ending in September 2020 with the prior 12-month period, NCA says it received a consistent number of reports of fraud and criminal hacking, even while the severity of many attacks continued to increase.

"We have seen dramatic increases in ransomware attacks, and growing levels of cyber-enabled fraud. Offenders commonly use specialist and commercially available encryption to hide their communications and cryptocurrencies to launder their profits," says NCA Director General Lynne Owens.

Fraud remains the leading type of crime that individuals in England and Wales will experience, the NCA reports. Many of the fraud cases it tracked in the report were tied to phishing emails.

"The U.K. public’s increasing reliance on online services during the pandemic encouraged cyber-enabled fraud, for example online shopping and auction fraud, with those lacking knowledge or skills to operate securely online being particularly vulnerable," the NCA reports.

Due to increasingly sophisticated phishing campaigns, "even those who consider themselves fraud-aware" found themselves at increased risk, the NCA adds.

The NCA - just like other law enforcement agencies across the U.S. and EU - has been tracking an ongoing increase in ransomware attack severity.

"Ransomware continues to dominate law enforcement and media attention due to the financial, data and service losses incurred by victims," NCA says. "This year has been notable for the increasing use of an accompanying threat to publish stolen data by ransomware operators. Industry partners estimate that over 50% of all ransomware activity includes this additional threat."

US View: Phishing and Ransomware Dominate

U.S. public data breach reports (Source: ITRC)

Looking beyond Britain, phishing and ransomware are also the two leading causes of all data compromise incidents reported in the United States in the first three months of this year, according to the Identity Theft Resource Center, a nonprofit organization dedicated to helping data breach victims.

In an analysis of publicly reported U.S. data breaches, the ITRC says that when comparing Q4 2020 with the first quarter of this year, the total number of reported breaches and data exposure incidents increased 12%, reaching 363 incidents.

The total number of exposed records for U.S. incidents reported in Q1 was 51 million, up from 8 million records that were reportedly exposed in Q4 2020.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.asia, you agree to our use of cookies.