2020 Breach Statistics: An AnalysisJames Lee of the Identity Theft Resource Center Discusses Reasons Behind Breach Decline
The decline in the total number of U.S. data breaches in 2020 isn't all good news; it reflects that hackers are changing their tactics, says James Lee of the Identity Theft Resource Center, who offers an analysis of the center's new data breach report.
"We hit our high watermark in terms of the number of breaches in 2017," he notes. Since then, breaches have declined, including a 19% drop last year.
As more hackers focus on lucrative ransomware and business email compromise scams, they don't need to obtain as much data via breaches to be successful, he explains.
"The threat actors are changing their tactics; they don't need the massive amounts of data that they would have stolen five or 10 years ago," he says. "They're highly targeted now, and they're highly organized and sophisticated in their attack methods."
In a video interview with Information Security Media Group, Lee discusses:
- Why a decrease in data breaches is not necessarily a good thing;
- Details of how breaches originate online, offline and via third parties;
- The growth in supply chain attacks and how the SolarWinds breach may impact 2021 breach metrics.
Lee is the COO of the ITRC, a nonprofit organization based in San Diego, California, that provides no-cost assistance to U.S. identity theft victims to help resolve their cases. He is the former executive vice president of Irish application security company Waratek and former senior vice president for Atlanta-based ChoicePoint, now LexisNexis. He also chaired two working groups for the American National Standards Institute on identity management and privacy.