Yes, that’s billion with a B…
With the eye-watering number of records breached, the amount of breach victims out there is staggering. On top of that, the 7 billion figure is not even for the entire year; just the first three quarters!
Security firm, Risk Based Security, released a study over 3,833 publicly-disclosed breaches and found that 78.5% of the total number of records exposed stem from only five individual breaches. Big data breaches can seriously harm our commerce, and this figure is yet another reminder about the importance of cybersecurity.
Here are some of the other shocking statistics reported:
- 69 breaches exposed 1 million or more records each
- 5% of records were accidentally exposed or uploaded online by mistake
- 1% of breaches were due to malicious hacking by a third party
- 6% of records were breached through hacking
- 6% of incidents involved U.S. organisations
Researchers slam Equifax hack
Chief Information Security Officer for the firm, Jake Kouns, reportedly slammed the Equifax hack for the terrible way the breach was allowed to happen and how the incident was handled.
Kouns noted that, although the Equifax hack made the headlines, much of the media reportedly ignored the fact that the Struts-Shock flaw that was exposed and exploited by the hackers was not just a stand-alone vulnerability; there were 75.
Kouns suggests that it’s likely that other vulnerabilities may have also been exploited at the same time or since the first hack, exposing more confidential information.
The study also considers the severity of the breaches from a scale of 1 to 10; 10 being the worst. It reported that 39.9% of reported vulnerabilities scored 7.0 or above. This suggests that 2017 has not only seen a dramatic increase in the number of records breached, but that the breaches are also more severe.
The level of sophisticated attacks are reportedly also on the rise as it is reported that 31.6% of disclosed vulnerabilities have public exploits available, and “47.9% can be exploited remotely”.
Emails and passwords still the top of the pile
Email addresses and passwords are still topping the tables as the most compromised data types, according to figures.
Once compromised, cyber criminals can use email addresses and password combinations to try and access other accounts in the hope that people use the same password across multiple websites.
Even without a password, criminals could directly target email address owners by sending phishing emails containing malware. From there, criminals could infect and take over internet-connected devices, stealing information and even holding it for ransom.
The need to respect personal data
Organisations need to respect and value personal data. In neglecting their data protection responsibilities, they are arguably adding to the global problem and diluting the consumer’s perception of data breaches.
When consumers don’t value their personal data, perhaps neither will organisations; creating a vicious cycle where we see our records breached and breached until none of us have any control over our own information and privacy!