Story image

IBM Security X-Force uncovers 556% increase in breaches in 2016

30 Mar 17

IBM Security’s 2017 X-Force Threat Intelligence Index has uncovered an unprecedented increase in the number of breaches last year - a 556% increase from 600 million to 4 billion records.

It also found more than 10,000 software vulnerabilities last year - the highest number of single-year vulnerabilities on record over IBM X-Force’s history.

The report analysed data from more than 8000 security clients across 100 countries and specialised spam sensors, honeypots and web pages. The average monitored organisation experienced 54 million security events last year, 3% more than in 2015. 

“This was marked by a 12 percent decrease year-over-year in attacks. As security systems are further tuned and new innovations like cognitive systems grow, the number of incidents overall dropped 48 percent in 2016,” the company states.

Chris Hockings, CTO of IBM Security ANZ, says the global report results have particular relevance to Australia.

While he says Australia is more advanced in cloud adoption, there’s opportunity to more efficiently respond to large scale security events. He believes cognitive or augmented intelligence will speed up the response time.

“Australia is not immune to the threats posed by global adversaries, but given the historical lack of current disclosure obligations, the impact is not as publicly known as regions where the law demands disclosure,” he says.

“In recognition of this, in February the Australian government passed mandatory data breach disclosure legislation for organisations. This is huge positive step for the normalisation of cyber security in the local market, as rather than relying on organisations to decide whether they publicly disclose breaches, for serious incidents they will be obliged to do so and notify those affected.”

Spam numbers also increased 400% last year. 44% of spam contained malicious attachments and 85% of those attachments contained ransomware. 

Caleb Barlow, IBM Security’s VP of Threat Intelligence, says cybercriminals continued to innovate as ransomware evolved from a nuisance to an epidemic.

Behind the scenes, attackers are also switching things up. Unstructured data, such as email archives, documents, intellectual property and source code are becoming more attractive targets, right alongside structured data such as credit card data, passwords or personal health information.

“While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment. The value of structured data to cybercriminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetise it this year in new ways,” Barlow says.

The report found that the healthcare sector is no longer the most targeted. It was knocked out of the top five industry attacks. 12 million healthcare records were breached, down from 100 million in 2015. This is an 88% drop over a single year. 

Instead, attackers are going after financial services. But the sector seems to be fighting back - financial services was third on the list for the amount of compromised records.

IBM Security believes this shows the financial services sector may have benefited from sustained security practices. 

Which sectors were the most vulnerable? The ICT sector experienced 3.4 billion exposed records and 85 breaches. Government experienced 398 million exposed records and 39 breaches. 

Hocking believes more engagement from C-level security management is crucial to funding and rolling out more integrated organisational structures that can support security programs.

“It's critical that organisations with large amounts of cyber intelligence data make that available for sharing, and that industry, government and education institutions work together to address the security threat and skills shortage,” Hocking says.

“With the forming of the Joint Cyber Security Centres across Australian states, the government is actively encouraging further collaboration between business, research, state and federal governments. It's also critical that the Australian security technology leaders come together in appropriate forums to share experiences.”

How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.