Cyber-Crime, Vulnerabilities and Spam Skyrocket
Data breaches skyrocketed in 2016, when cyber-attackers stole more than 4 billion records— exceeding the combined total from the two prior years. That alarming statistic comes from IBM's "X-Force Threat Intelligence Index 2017," which is based on observations from more than 8,000 monitored security clients in 100 countries, as well as from data derived from noncustomer assets such as spam sensors and honeynets in 2016. Some incidents were true megabreaches, with a single source leaking more than 1.5 billion records in one case. Leaked records include data that cyber-criminals have traditionally targeted, such as credit cards, passwords and personal health information. But the X-Force analysis also noted a number of significant breaches related to unstructured data, including email archives, business documents, intellectual property and source code. "Unstructured data has become big-game hunting for attackers, and we expect to see them monetize it this year in new ways," observed Diana Kelley, global executive security advisor for IBM Security. The study documented an increase in the size and scope of DDoS attacks and in the number of previously leaked records that surfaced during the year. The authors pointed to the success of defensive strategies, and Kelley urged all organizations to focus on security fundamentals in a proactive manner. "The faster they react to cyber-crime findings and share their experiences and best practices across the security community, the less time each malware variant can live and/or see successful fraud attacks," she stressed. "Implement robust controls for the most important and sensitive data, and conduct regular cyber-security training for employees, who often serve as the entry point to company networks for hackers."