A Quick Look at the 2019 ITRC Breach Report
By Bil Harmer, Chief Evangelist and CISO at SecureAuth
The results are in! The 2019 End of Year Breach Report by the Identity Theft Resource Center (ITRC) has been released. And well… the news is a bit mixed as we look back on 2019. On the one-hand, a few of the high-level metrics absolutely showed an improvement over the previous year – Exposed Consumer PII records were down 41%, the overall number of records exposed was down approximately 50%, and the number of non-sensitive and sensitive records each decreased from 2018.
But on the other hand, some of the other high-level metrics are on the rise - the total number of breaches reported by the ITRC for 2019 is up approximately 17% to 1,473 from 1,257 in 2018. And the number of non-sensitive records exposed in the Banking/Credit/Financial sector increased 5-fold to 100,621,770 from 20,000 - while the Medical/Healthcare sector experienced an even larger jump moving from 1,852 to 39,378,157 in 2019.
Companies in the “Business” sector exposed 99.99% of the non-sensitive records (+705.1 million) in 2019. And the sector exposed the third largest number (18.8 million) of sensitive records trailing behind only Banking/Credit/Financial (+100 million) and Medical/Healthcare (+39 million) sectors respectively. The overall number of breaches for the Business sector increased in 2019 by 10.5% from 576 to 644 accounting for approximately 44% of the total number of breaches recorded in 2019.
In this year’s report, the ITRC highlighted a few noteworthy threat challenges on the rise in 2019:
- Unsecured databases proved to be a source of data exposure
- Credential Stuffing was utilized by bad actors to gain unauthorized access
- Third-party vendors continued to be a source of data breaches
- Convenience continues to be an enabler of data breaches
We all agree security is of paramount importance for organizations of all sizes. Protecting and securing valuable corporate resources is top-of-mind for IT and Business leaders. But a challenge for many is finding the balance between securing resources without impacting efficiency, productivity, and the user experience. If the ITRC report revealed anything this year, it is the need to ensure employees, customers, and partners are securely accessing valuable corporate resources. Regardless of where any of the business-critical resources are hosted, access must be appropriately deployed and managed.
In our next post, we’ll address how a purpose built Identity and Access Management solution can simultaneously secure and protect your environment while providing an exceptional user experience by leveraging tools such as passwordless authentication and self-service capabilities to increase productivity and efficiency.