The amount of huge data breaches jumped compared to the previous year, which means the level of identities revealed skyrocketed, a new report said.
The number of data breaches suffered by organizations in 2013 increased by 62 percent compared to 2012, according to Symantec’s Internet Security Threat Report (ISTR) for 2013. Not lost in the number of breaches is another staggering figure: 552 million identities ended up exposed last year, compared to 93 million in 2012.
Safety, Security: Know Risks, Learn Priorities
Insider Threat Scares DoD IT Pros
SCADA Risks Up, Budgets Tight: SANS
Security Awareness: A Matter of Safety
Security Pros Fret Attacks, not NSA
As far as huge, or mega, data breaches go, there were 8 reported in 2013, compared to one in 2012.
“One mega breach can be worth 50 smaller attacks. While the level of sophistication continues to grow among attackers, what was surprising last year was their willingness to be a lot more patient – waiting to strike until the reward is bigger and better,” said Kevin Haley, director of Symantec Security Response.
Over ten million data records ended up lost in each of the 2013 mega breaches, providing cybercriminals with payment card data, bank account details, passwords and even medical records.
“Nothing breeds success like success – especially if you’re a cybercriminal,” Haley said. “The potential for huge paydays means large-scale attacks are here to stay. Companies of all sizes need to re-examine, re-think and possibly re-architect their security posture.”
As far as targeted attacks go, the Symantec report shows their number increased by 91 percent. Each attack lasted, on average, three times longer than in the previous year.
Twenty-three Zero Days ended up uncovered last year and experts have found that one in eight websites contain critical vulnerabilities. Web-based attacks have reportedly increased by 23 percent.
When it comes to mobile threats, 38 percent of smartphone users have witnessed cybercriminal activities. The good news is the volume of spam has slightly dropped to 66 percent of all email traffic.
“Security incidents, managed well, can actually enhance customer perceptions of a company; managed poorly, they can be devastating. If customers lose trust in a company because of the way the business handles personal data and privacy, they will easily take their business elsewhere,” said Ed Ferrara, VP and principal analyst at Forrester Research.
Symantec’s most important trends in 2013:
• 2013 was the year of Mega Breach
• Targeted attacks grow and evolve
• Zero Day vulnerabilities and unpatched websites
• Facilitated watering-hole attacks
• Social media scams and malware flourish on mobile
• Ransomware attacks grew by 500 percent in 2013 and turned vicious
• Prevalence of scams fail to change
• User behavior on social media
• Attackers are turning to the Internet of Things
Click here to download the complete Symantec Internet Security Threat Report (ISTR), Volume 19.