Risk Based Security released their 2020 Mid Year Data Breach QuickView Report, revealing that although the number of publicly reported data breaches stands at its lowest in five years, the number of records exposed is more than four times higher than any previously reported time period.

In her “Top Breaches of 2019”, a security journalist asked if last year would “…be the worst on record?” It looks like 2020 could surpass last year’s breaches, but it’s not entirely due to consequences of the global pandemic. For sure, unprecedented levels of remote working has emboldened hackers to exploit new vulnerabilities, but there’s one very insidious risk that shows up year after year: the silent and unwitting exposure of sensitive data that no one notices… until it’s too late.

SANS Institute, a provider of cybersecurity training and certification services, lost approximately 28,000 items of personally identifiable information (PII) in a data breach that occurred after a single staff member fell victim to a phishing attack.

The vpnMentor cybersecurity research team, led by Noam Rotem and Ran Locar, have uncovered an unsecured AWS S3 bucket with over 5.5 million files and more than 343GB in size that remains unclaimed.

The results of a global study examining the financial impact of data breaches reveals that the incidents cost companies $3.86 million per breach on average, and that compromised employee accounts were the most expensive root cause.

Despite increasing numbers of high-profile data breaches, forms found on 92 percent of websites expose customer data to an average of 17 domains, according to Tala Security's Global Data at Risk - 2020 State of the Web Report

With a myriad of employees and contractors given ubiquitous access to business data, one thing is clear; identity has become the new security perimeter. Ensuring ERP data security, privacy, and compliance can no longer rely solely on network threat monitoring but requires using a layered identity defense to limit access to and within mission-critical applications.

My favorite definition of the (public) cloud is “It’s someone else’s computer.” That is really what any external cloud service is. And if your services, data and other assets are located on someone else’s equipment, you are at their mercy on whether you can access those assets and data at any time. It isn’t up to you. It’s solely determined by them, and any service level agreement you agreed to. And you can lose everything stored there permanently. You should have multiple backups of your data no matter where it is stored, especially including if it is stored using a cloud service.

According to a Linklaters analysis, there has been a major increase of data breach notifications to data protection authorities, with an average increase in notifications of 66 percent compared to Year 1 of the EU General Data Protection Regulation (‘GDPR’). 

vpnMentor’s research team, led by analysts Noam Rotem and Ran Locar, recently discovered a sensitive data breach originating from the domestic violence prevention app Aspire News App.