Note: For the purposes of this blog post, we are looking only at 2016 breach data for the United States.
2016 was a record year when it comes to data breaches, according to the Identity Theft Resource Center. According to the center, there were a total of 1,093 breaches in 2016, representing a 40% hike in the total number of breaches in 2015. While this may not come as a surprise to anyone, this should continue to raise concerns with organizations in all industry vertical markets.
The report that the ITRC released is broken down by several different categories, including vertical market and type of attack. For the specific vertical market, here are some of the statistics:
| Industry | Total Breaches 2016 | % of Total Breaches | % Increase or Decrease from 2015 |
| --- | --- | --- | --- |
| Business | 494 | 45.2% | 5.2% Increase |
| Healthcare/Medical | 377 | 34.5% | 0.9% Decrease |
| Education | 98 | 9.0% | 1.6% Increase |
| Government/Military | 72 | 6.6% | 1.5% Decrease |
| Banking/Credit/Financial | 52 | 4.8% | 4.3% Decrease |
Keep in mind that these are the total number of breaches reported by organization, not the total number of records compromised. The alarming fact is that breaches in the business sector continue to increase. One thing that might be misleading about these numbers relates to healthcare. While we see a decrease in the total number of attacks, records exposed and ransomware continue to be a significant problem for healthcare.
While those numbers are interesting, the methods or type of breach are even more interesting:
| Method of Attack | Total Breaches 2016 | % of Total Breaches | % Increase or Decrease from 2015 |
| --- | --- | --- | --- |
| Hacking/Skimming/Phishing | 607 | 55.5% | 17.7% Increase |
| Accidental Email/Internet Exposure | 101 | 9.2% | 4.7% Decrease |
| Employee Error/Negligence/Improper Disposal/Lost | 95 | 8.7% | 6.3% Decrease |
| Insider Theft | 77 | 7.0% | 3.6% Decrease |
| Subcontractor/Third Party/Business Associate | 70 | 6.4% | 2.6% Decrease |
| Physical Theft | 69 | 6.3% | 4.1% Decrease |
| Data on the Move | 53 | 4.8% | 2.5% Decrease |
What is alarming about this data is that every category of method of attack decreased except for one: Hacking/Skimming/Phishing was up 17.7% year over year. This is one of the main reasons why your Information Security Program needs to evolve. As the threats change or intensify, your Information Security Program needs to change to mitigate the risks associated with those threats. The category of Hacking/Skimming/Phishing continues to increase 17.7% yearly because these attacks are successful.
How does your Information Security Program stack up, especially compared to the threat category of Hacking/Skimming/Phishing? What steps are you taking to evolve your program with the changing threat landscape? If your answer is nothing, you need to act NOW! A great first step to do that is to attend our webinar on April 20th at 1:00 PM EST. During this webinar, we will give you 10 tips to a more secure 2017. Based on the data above, we all must make Information Security a priority. To register, click on the link below.
What do you think about the data above? Do you agree or disagree and what are you seeing out there in the wild? Drop a comment below and let us know!