Cybersecurity Roundup: Risk Based Security, Palo Alto Networks, Zix-AppRiver and More

We’re quickly approaching the “most wonderful time of the year,” and soon after we’ll be capping off what officially will be the worst year ever for data breaches.

Breach activity in 2019 is living up to being “the worst year on record,” according to Risk Based Security. Its Q3 2019 Data Breach QuickView Report shows the total number of breaches was up 33.3% compared to Q3 2018, with 5,183 breaches reported in the first nine months of 2019.

Although the total number of breaches is on track to break previous year records, the total number of records exposed has already surpassed the 2017 year-end total. The report shows 7.9 billion records already have been exposed and we are on track to reach as high as 8.5 billion.

By North American Industry Classification System (NAICS) economic sector, medical services, retailers and public entities experienced the most breaches, but when all business-related sectors are combined, general business remains the most breached organization type. Looking further into the data breach landscape, hacking remains the top breach type for number of incidents while web has exposed the most records this year.

Risk Based Security’s Inga Goddijn

To find out more about what’s making this the best year ever for cybercriminals, we spoke with Inga Goddijn, Risk Based Security‘s executive vice president.

Channel Futures: What are organizations not doing that they should be doing to protect themselves from cyber crime?

Inga Goddijn: The security posture of organizations is all over the map, so there really isn’t a one-size-fits-all answer to the question. That said, the foundation of any robust and resilient security management system is performing regular risk assessments. There is no substitute for working through that process and it’s the best bet for ensuring that resources are focused where there is the greatest need.

CF: What are the most surprising findings in the report?

IG: It’s most surprising to see more breaches and more records lost year after year, after year. We’ve been tracking data breach activity going back for over a decade and the picture has yet to improve.

CF: Does the report point to any progress being made?

IG: On the surface, it is difficult to see many bright spots, but it is worth keeping in mind that disclosure requirements are becoming more —not less — stringent. While no organization is excited to announce news like a data breach, it does appear organizations are taking their reporting responsibilities serious and making an effort to disclose events that might otherwise have gone unreported in the past.

CF: What tactics are proving the most successful for cybercriminals? Are their methods becoming more sophisticated and harder to detect?

IG: It is interesting to follow the tactics used against defenses. What is most striking is while we do see some very sophisticated attacks, tried-and-true social engineering techniques remain popular and effective, as does targeting poorly…