The Identity Theft Resource Center published a First Quarter 2022 Data Breach Analysis which found that Q1 of 2022 began with the highest number of publicly reported data compromises in the past three years. Among stated findings:
- Publicly reported data compromises totaled 404 through March 31, 2022, a 14 percent increase compared to Q1 2021.
- This is the third consecutive year when the number of total data compromises increased compared to Q1 of the previous year. It also represents the highest number of Q1 data compromises since 2020.
- However, the number of individual victims actually dropped in Q1 2022. The 20.7M victims in this reporting period is a ~50 percent decrease compared to Q1 2021, and a 41 percent drop from Q4 2021.
Our reading and interpretation also indicated that
- Phishing and Ransomware remain the #1 and #2 root causes,
- 92 percent of the data breaches were the direct result of cyberattacks. System & human errors represent ~8%, and breaches resulting from physical attacks such as document or device theft, and skimming devices dropped to single digits (just 3) in Q1 2022.
Q1:22 publicly reported compromises by the numbers:
- + Total Data Compromises: 404 compromises; 20,773,963 victims
- + Data Breaches: 398 data breaches; 13,676,543 victims
- + Data Exposures: 4 data exposures; 7,094,528 victims
- + Cyberattacks: 367 breaches; 13,525,762 victims
- + System & Human Errors: 32 breaches/exposures; 7,223,708 victims
- + Physical Attacks: 3 breaches; 21,601 victims
The report confirms what everyone already knew – cyberattacks have become one of the major concerns of every industry – especially if they are in the 16 CISA identified critical infrastructure sectors. The modern dynamic of hacking – where specialized hacker groups are loosely affiliated between vulnerability, payload and C2 groups are anonymously connected makes hacking of zero day vulnerabilities immediate and global. Vulnerabilities are immediately recognized and capitalized via ransomware and exfiltrated data. Pro-active technologies and practices like zero trust and identity governance must be adhered to.