2016 Record Data Breach Year, Attackers Less Healthcare-Focused

The recently published IBM X-Force Threat Intelligence Index reveals 2016 was a record breaking year for data breaches, with more than 4 billion records compromised – which is more than the combined total from the two previous years. Last year’s figure is a significant 566% increase from the 600 million exposed in 2015.

The report was based on more than 8,000 of IBM’s monitored security clients, across 100 countries, alongside data from non-customer assets (spam sensors and honeynets). The definitions of each type of threat analyzed are as follows.

An activity on a system or network detected by a security device or application. A security event identified by correlation & analytics tools as malicious activity attempting to collect, disrupt, deny, degrade or destroy information system resources or information itself. An attack or security event that has been reviewed by IBM security analysts and deemed worthy of deeper investigation. An incident that results in the exfiltration of data. In this report, “breach data” is a sampling of notable publicly disclosed incidents, not monitored security client incidents.

Interestingly, there was a marked shift in the types of data that cyber-criminals set out to exploit in 2016, with healthcare no longer positioned as the most vulnerable industry: financial services has now overtaken healthcare to become the main target for attacks.

Drilling down into the data reveals a total of 12 million health records were subject to being compromised in 2016, which was 88% less than the figure reported in 2015 (approx 100 million). The extent of this switch has pushed healthcare out of the top five most-breached industries of 2016.

In past years, data breaches have typically targeted some form of fixed structured information such as personal health information (PHI), credit card data, national ID numbers, passwords, or key documents. But, last year, IBM X-Force noted a significant shift in strategies used by cybercriminals, uncovering large caches of unstructured data exposing their victims’ detailed digital footprints through email archives, business documents, intellectual property, and source code.

Responding to the report, IBM’s Caleb Barlow, Security Vice President of Threat Intelligence, explained in a statement “While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment,” he went on to suggest “The value of structured data to cybercriminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways”.

On average, IBM clients experienced more than 54 million security events in 2016, which is a 3% increase in events than 2015.

What to expect for 2017 onwards

Whilst the threat index paints a rather bleak picture on the whole, as security systems are further tuned and new innovations like cognitive systems become more advanced, the report shows that there has in fact been a 12% decrease in the number of security attacks, and a drop of 48% in the number of security incidents year-on-year.

That’s not to say we can start expecting a safer cyber environment for the future – a reduction in attacks could simply mean attackers are relying on methods that are proven to work, therefore requiring fewer attempts.

This considered, organizations of all types and sizes must ensure they have best-practice security standards in place to mitigate against common threats, and are proactive in identifying any vulnerabilities that could be exploited by hackers later down the line.