IBM Security’s 2017 X-Force Threat Intelligence Index has uncovered an unprecedented increase in the number of breaches last year - a 556% increase from 600 million to 4 billion records.
It also found more than 10,000 software vulnerabilities last year - the highest number of single-year vulnerabilities on record over IBM X-Force’s history.
The report analysed data from more than 8000 security clients across 100 countries and specialised spam sensors, honeypots and web pages. The average monitored organisation experienced 54 million security events last year, 3% more than in 2015.
“This was marked by a 12 percent decrease year-over-year in attacks. As security systems are further tuned and new innovations like cognitive systems grow, the number of incidents overall dropped 48 percent in 2016,” the company states.
Chris Hockings, CTO of IBM Security ANZ, says the global report results have particular relevance to Australia.
While he says Australia is more advanced in cloud adoption, there’s opportunity to more efficiently respond to large scale security events. He believes cognitive or augmented intelligence will speed up the response time.
“Australia is not immune to the threats posed by global adversaries, but given the historical lack of current disclosure obligations, the impact is not as publicly known as regions where the law demands disclosure,” he says.
“In recognition of this, in February the Australian government passed mandatory data breach disclosure legislation for organisations. This is huge positive step for the normalisation of cyber security in the local market, as rather than relying on organisations to decide whether they publicly disclose breaches, for serious incidents they will be obliged to do so and notify those affected.”
Spam numbers also increased 400% last year. 44% of spam contained malicious attachments and 85% of those attachments contained ransomware.
Caleb Barlow, IBM Security’s VP of Threat Intelligence, says cybercriminals continued to innovate as ransomware evolved from a nuisance to an epidemic.
Behind the scenes, attackers are also switching things up. Unstructured data, such as email archives, documents, intellectual property and source code are becoming more attractive targets, right alongside structured data such as credit card data, passwords or personal health information.
“While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment. The value of structured data to cybercriminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetise it this year in new ways,” Barlow says.
The report found that the healthcare sector is no longer the most targeted. It was knocked out of the top five industry attacks. 12 million healthcare records were breached, down from 100 million in 2015. This is an 88% drop over a single year.
Instead, attackers are going after financial services. But the sector seems to be fighting back - financial services was third on the list for the amount of compromised records.
IBM Security believes this shows the financial services sector may have benefited from sustained security practices.
Which sectors were the most vulnerable? The ICT sector experienced 3.4 billion exposed records and 85 breaches. Government experienced 398 million exposed records and 39 breaches.
Hocking believes more engagement from C-level security management is crucial to funding and rolling out more integrated organisational structures that can support security programs.
“It's critical that organisations with large amounts of cyber intelligence data make that available for sharing, and that industry, government and education institutions work together to address the security threat and skills shortage,” Hocking says.
“With the forming of the Joint Cyber Security Centres across Australian states, the government is actively encouraging further collaboration between business, research, state and federal governments. It's also critical that the Australian security technology leaders come together in appropriate forums to share experiences.”