Digging Deeper into Data Breaches: An Exploratory Data Analysis of Hacking Breaches Over Time

1. Digging Deeper into Data Breaches: An Exploratory Data Analysisof Hacking Breaches Over Time Hicham Hammouchi, OthmaneCherqi, GhitaMezzour, MounirGhogho, Mohammed El Koutbi UniversitéInternationale de Rabat, Facultéd’Informatique et de Logistique, TICLab Mohammed V University, ENSIAS

2. Introduction • increasingly frequent and high-impact data breaches as an ever present danger facing organizations and individuals • In 2018, data breaches compromised the personal information of millions of people around the world • Juniper suggests that cybercrime will cost businesses over than 2 trillion dollars in 2019 • Prior work: policy oriented, regulation oriented, sector oriented Deeper into Hacking Breaches

3. About the Data • Privacy Rights Clearinghouse (PRC) Dataset. • Dataset collected from 2005 to 2018 (~9000 breaches, +12B records) • Breaches are characterized by a date of publication, name, type and location of organization, and total breached records • Organizations are classified into 7 sectors: BSF, BSO, BSR, EDU, GOV, MED, and NGO Deeper into Hacking Breaches

4. What method used in Breaches ? Breach methods distribution and their evolution over time Deeper into Hacking Breaches

5. The most devastating Breaches are caused by hacking Estimated cost : $444 Billion From now on we will focus on breaches caused by Hacking • The most devastating breaches are caused by hacking attacks • Average cost per breached record* : $148 Deeper into Hacking Breaches

6. What are the most sectors affected by Hacking breaches ? • 2,575 Hacking breaches between 2005 and 2018 with about 8 billion breached records (70% of the total breached records) • MED and BSO are the most targeted sectors Deeper into Hacking Breaches

7. Decreasing InterArrival Time => increasing frequency of breaches Interarrival time: time between consecutive breaches Deeper into Hacking Breaches

8. Average of 5 days between two breaches on medical institutions Deeper into Hacking Breaches

9. Intensification of breaches starting from 2011 2011 2014 Deeper into Hacking Breaches

10. Intensification of breaches after 2014 2012 2014 Deeper into Hacking Breaches

11. Big shifts in Breaches on MED and Web platforms Remarkable increase starting from 2013 Deeper into Hacking Breaches

12. Limitations • Restricted dataset to incidents occurs (reported) in North America Future work • Extend this analysis to study the cause of hacking breaches by looking at the description associated with each breach • Use Natural Language Processing to process breach description Deeper into Hacking Breaches

13. Conclusion • Hacking breaches on the rise • 29% of breaches caused by hacking activities • Hacking cause the most devastating breaches in term of volume and financial loss • Medical organizations and online services are the most targeted • Frequency of 5 and 7 days between two breaches Deeper into Hacking Breaches

14. Acknowledgement • This work is partly funded by the NATO Science for Peace and Security (SPS) program under research contract Threat Predict: From Global Social and Technical Big Data to Cyber Threat Forecast

15. THANK YOU FOR YOUR ATTENTION Any Questions ?

16. Digging Deeper into Data Breaches: An Exploratory Data Analysisof Hacking Breaches Over Time Hicham Hammouchi, OthmaneCherqi, GhitaMezzour, MounirGhogho, Mohammed El Koutbi UniversitéInternationale de Rabat, Facultéd’Informatique et de Logistique, TICLab Mohammed V University, ENSIAS