It’s no secret that 2016 was a tough year for security and IT pros. From reported security issues behind the U.S. election to the Beautiful People hack, the year was plagued by countless breaches that affected billions of people throughout the world.
Risk Based Security (RBS), a company that analyzes data breaches, vendor risk ratings and vulnerability intelligence, recently released its 2016 Data Breach QuickView Report, which tracked more than 23,700 reported incidents. Among the findings, the biggest takeaway was not the sheer number of breaches, but the gravity behind them: financial and reputational implications for companies and stakeholders.
Expect a continued surge in data breaches
According to RBS, more than 4,149 breaches were reported in 2016. Together they exposed more than 4.2 billion records, a more than 30 percent increase over the previous all-time high, which was in 2013.
Among those breaches, six claimed space on the list of the top 10 biggest breaches ever. Yahoo, which exposed more than 1.5 billion records in its multiple incidents in 2016, tops the list. In late December, Yahoo announced its third hack discovered over the course of the year. A new warning recently issued to users says that forged cookies may have been used to access individual accounts, completely bypassing the need to re-enter passwords.
The industry should expect to see more Fortune 100 companies targeted in 2017. As these companies continue to grow and collect data, hackers become increasingly attracted to them. Expect people to advocate for security changes that will better protect companies, their customers and their data.
Insider threats continue to grow
More than half of the breaches analyzed by RBS were a result of hacking. However, insiders, whether through malicious intent or carelessness, accounted for more than 200 million incidents.
While insiders were not the primary source of most breaches in 2016, it’s likely that these numbers will grow. Thanks in part to Internet of Things (IoT) devices, employees have more access to data than ever, making organizations increasingly vulnerable to attacks.
According to another recent report, nearly 70 percent of organizations have experienced an incident resulting from careless or malicious behavior by individuals within the company. To help counter these threats, security should become a bigger concern for all employees – not just IT and security team members. Companies must offer security training and encourage employees to take responsibility when it comes to their data. Giving staffers the tools to identify suspicious activity and develop step-by-step response plans will be key to preventing security breaches that could severely damage companies.
Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Co-Founder & Chief Technology Officer (CTO) for LEO Cyber Security, he is a member of the senior executive leadership team responsible for the creation and driving of the strategic vision for the company. One of his primary responsibilities is the development and delivery of the company’s comprehensive cyber security, digital forensics, incident response, cloud architecture, and advanced research centers of excellence.