Summary

Devices continue to be lost or stolen, a pattern that is unlikely to change anytime soon. While the actor may be Internal (for loss) or External (for theft), the controls to protect the data on these devices remain constant.

Frequency

1,295 incidents, 84 with confirmed data disclosure

Threat Actors

External (87%), Internal (17%), Multiple (5%), Partner (1%) (breaches)

Actor Motives

Financial (100%) (breaches)

Data compromised

Personal (80%), Medical (43%), Bank (9%), Other (7%) (breaches)

We are all perhaps too familiar with that sinking feeling of reaching for your cellphone in your pocket or purse, only to find it missing. After frantically tearing the house apart, flipping seat cushions and asking anyone in close proximity to call your phone, you probably found out that you were holding it all along, or is that just us?

Anyway, this primordial fear of misplacing tiny devices that contain thousands of personal and work-related files is one of the common themes for the breaches and incidents in this pattern. Computers, documents, USB devices and cellphones end up disappearing, accidentally or otherwise. Like many of the patterns and incidents that we’re covering this year, bear in mind the unique circumstances of how we’ve evolved our work habits over the course of 2020.

This is especially true when it comes to where and how we work. The findings here might need to be taken with the tiniest speck of salt, as this is not necessarily going to be a representative year. Let’s take a dive into the data.

Steady-State thefts and error

While many things have changed over the last year, some things haven’t changed a great deal in this pattern. One of those things is that Error trumps Theft in incidents. In our data, much like previous years, Errors in which some internal user accidentally mislays an asset and reports the loss is significantly more common than someone reporting an asset stolen. However, for an organization this is more or less the same problem: You now have to know what was on that device, how was it protected, and how you are going to respond. The distinction in cases like this often a moot point since you’re probably going to have to remotely wipe the device either way.

Would you like paper or silicon for your data breach?

One of the trends that we have noticed over the last few years is the transition from Media (such as Documents) to devices (such as Mobile phones) being the main assets involved in Lost and Stolen breaches. If we needed a barometer as to when digital transformation occurred, we could probably point back to 2019 when, for the first time in our dataset’s history, User devices were more frequently stolen and lost than Documents. This year about 43% of the breached assets with known data disclosure were Media while the rest are Desktops and laptops (Figure 58). For incidents where we don’t know if there’s a confirmed breach, cellphones were lost or stolen the most. Not that we’re gambling people, but if we were to place money on whether or not this trend will continue, we would probably take the over, since many new organizations, schools and businesses had to quickly pivot to a remote work force.

The type of data lost with the majority of known data breaches involves loss of Personal data, quickly followed by Medical data, which really shouldn’t be too surprising. The amount of legislation regarding privacy breach disclosure (medical and otherwise) would explain why we see this in our data. And lastly, when it comes to discovering that an asset is lost or stolen, (Figure 59), your best line of detection won’t be the next gen AV, but your employees themselves. Make sure that they are provided with a means to easily report any lost or stolen assets to your organization. For instance, if they lose their phone have a number they can call… wait, nevermind. The quicker the organization knows, the better position they’ll be in to respond. Something… something …obligatory hindsight is 2020 joke.