New threat intel indicates a 400% surge in data breaches last year

Criminals’ shift in focus from large corporations to small businesses resulted in a four-fold increase in data breaches last year, according to a new report from open source intelligence firm, 4iQ.

Headline figures from the California-based company’s latest Identity Breach Report (registration required) indicate that there were 12,449 data breaches during 2018 – up a massive 424% on 2017.

Interestingly, despite the hike in new data breaches, 4iQ said the average breach size in 2018 was around 217,000 records. This represents a 4.7% decrease on the comparable figure in the previous year – something the researchers say is partly the result of attackers pivoting to smaller targets.

“As hackers increase their sophistication with new hacking tools, they are better able to attack larger numbers of small businesses,” the report reads. “Targets that cybercriminals would have previously deemed too small to spend time attempting to infiltrate are now at risk.”

According to 4iQ, large organizations continued to focus on improving their security posture in 2018. On the flip side, however, small businesses and suppliers to those companies present “weak links in the value chain”.

The report – which was built using a collection of breached and leaked data found from open sources in the surface, deep, and dark web – also indicates a surge in “underground activity” in 2018.

“For the first time we saw underground brokers actively including citizen data, such as voter databases, as part of their data portfolio,” 4iQ said. “The heightened interest in public records is related to geopolitical tensions, the cyber cold war, and election manipulation campaigns.

“One emerging trend has been to combine open and publicly available data sources with leaked or stolen data to better profile individuals.”

4iQ said nearly 15 billion raw identity records were found to be circulating across the web last year, marking a “significant increase” from last year’s 8.7 billion records.

According to the company, this illustrates the increasing use of identity information for criminal activity, such as account takeover, business email compromise, and identity theft.

4iQ’s insight into small business data breaches tallies with separate research data from Verizon.

According to the telco’s 2016 Data Breach Investigation Report (PDF), 51% of all cyber-attacks were targeted at small businesses. By 2018 (PDF), this figure had risen to 58%.

RELATED AccuDoc data incident highlights ‘growing calamity’ of third-party breaches