Data Breaches Continue to Skyrocket, New ITRC Report Finds

Top 2 causes of breaches, phishing and ransomware, are hitting organizations of all sizes

We live in a data-rich world, where information is exchanged at lightning speed — all of which is vulnerable and some of it is quite valuable to savvy criminals, resulting in frequent data compromise. Data breaches can wreak havoc on the organization and the individual. Identity Theft Resource Center (ITRC) has released its most recent breach report, Q1 2022 Data Breach Analysis, analyzing the latest data breaches and compromises. It may be no surprise that the latest data breach figures continue to increase, up 14% over Q1 2021. Q1 2022 boasted the highest number of data compromises in the past three years, even after a record-breaking year in 2021.

As hackers become more sophisticated and adept at stealing and exploiting information for profit, they are finding more ways to attack. The ITRC report finds that 92% of data breaches in the first quarter of this year were the result of cyberattacks, with phishing and ransomware the two top root causes of data compromises. Ransomware is hitting organizations of all sizes, with small to medium-sized businesses (SMBs) being one of the big targets. In a recent survey, as reported by TechRepublic, 75% of SMBs said they would only be able to survive three to seven days following a ransomware attack.

Derek Manky, vice president of threat intelligence for Fortinet’s FortiGuard Labs reports a 100% increase in the rate of ransomware attacks and a near-vertical rise in the rate of exploitation for new vulnerabilities, including the Log4Shell vulnerability and the ProxyLogon bug. “Hallmarks of the underground economy now include weaponizing zero-day vulnerabilities and honing elaborate back-end infrastructures — plus ever-deeper pockets to fund all of it, writes ThreatPost.

According to the ITRC, healthcare, financial services, manufacturing and utilities, and professional services had the most compromises in Q1 2022, according to the ITRC report. Cybercrime is expected to cost the global economy $10.5 trillion by 2025. “Businesses have never been more vulnerable, and even large enterprises with substantial cybersecurity defenses can fall victim,” according to Electric.ai.

What's At Stake?

Individuals and companies are both at risk. The ITRC reports that there were 20.7 million individual victims of data compromise in Q1 2022. Compromised passwords are responsible for 81% of hacking-related breaches, according to Government Technology and the average person has over 100 passwords for multiple accounts.

Hackers that target companies are looking for sensitive information, financial information, product information and source code, corporate account data, and network control, according to Entrepreneur Magazine. Holding a company’s data ransom these days is lucrative and frequent. Cybercriminals are attacking corporate networks at least 50% more frequently now than in 2020; by the end of 2021, there were over 900 attacks per organization every week.

Enterprise systems were vulnerable to breaches well before companies shifted to remote work. The use of digital services, especially social media, on work devices is a particular risk for employers. Employee internet use is linked to enterprise security, states Tom Kelly, president and CEO of IDX, in a recent interview with Employee Benefit News. In a changing work environment and as employees are shifting back to work, keeping enterprise networks and employees safe from cyber threats must be a top priority for employers.

With data breaches so prevalent, unpredictable, and damaging, preparation is the best defense. Organizations first need to take action to reduce their breach risks and costs by implementing a pre-breach incident response planning service. With this planning in place, organizations can recover more quickly and minimize the severity of the impact. IDX’s Priority Response No Cost Master Services Agreement (MSA), ensures our clients are prepared if a breach occurs and only incur costs if you need data breach response services.

What can organizations do to better protect their employees, members, and clients — and their systems? By offering identity and privacy protection services as a paid or voluntary benefit. In fact, identity protection is part of a new generation of employee benefits focused on holistic employee well-being — including financial wellness — especially important at a time when employees may need a little extra wooing. According to the Society for Human Resource Management, financial wellness could be the key in reducing employee turnover.

Privacy awareness programs and tools can also protect your VIPs while also protecting your business. Here are a few quick tips:

• Update IT security policies. Ensure your organization has policies in place that outline BYOD policies, device security, and data sharing.
• Educate employees about careful clicking. The best rule of thumb is to never click links in online ads or unsolicited email.
• Regularly install patches. Update security software on all employees’ devices.
• Use a tracking blocker. This will stop data brokers from gathering personal information that could be used for targeted scams or phishing campaigns.

Forward-looking organizations know that a new approach is required to best mitigate identity and privacy threats and data breach risks. IDX identity and privacy solutions are the new generation of identity protection, using innovative technologies and a proven track record to help keep your employees and members safe, happy, and productive — even in a digital age where threats to an individual’s identity are growing exponentially. Similarly, to get ahead of data breaches, organizations are future-proofing with IDX enterprise business solutions to help them be prepared with pre-breach to post-breach planning.