sb-as logo
Story image

IBM Security X-Force reports 'record' 556% increase in breaches

30 Mar 2017

IBM Security’s 2017 X-Force Threat Intelligence Index has uncovered an unprecedented increase in the number of breaches last year - a 556% increase from 600 million to 4 billion records.

It also found more than 10,000 software vulnerabilities last year - the highest number of single-year vulnerabilities on record over IBM X-Force’s history.

The report analysed data from more than 8000 security clients across 100 countries and specialised spam sensors, honeypots and web pages. 

Spam numbers also increased 400% last year. 44% of spam contained malicious attachments and 85% of those attachments contained ransomware. 

Caleb Barlow, IBM Security’s VP of Threat Intelligence, says cybercriminals continued to innovate as ransomware evolved from a nuisance to an epidemic.

Behind the scenes, attackers are also switching things up. Unstructured data, such as email archives, documents, intellectual property and source code are becoming more attractive targets, right alongside structured data such as credit card data, passwords or personal health information.

“While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment. The value of structured data to cybercriminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetise it this year in new ways,” Barlow says.

The report found that the healthcare sector is no longer the most targeted. It was knocked out of the top five industry attacks. 12 million healthcare records were breached, down from 100 million in 2015. This is an 88% drop over a single year. 

Instead, attackers are going after financial services. But the sector seems to be fighting back - financial services was third on the list for the amount of compromised records.

IBM Security believes this shows the financial services sector may have benefited from sustained security practices. 

Which sectors were the most vulnerable? The ICT sector experienced 3.4 billion exposed records and 85 breaches. The government sector experienced 398 million exposed records and 39 breaches. 

IBM Security says defence strategies are working. The average monitored organisation experienced 54 million security events last year, 3% more than in 2015. 

“This was marked by a 12 percent decrease year-over-year in attacks. As security systems are further tuned and new innovations like cognitive systems grow, the number of incidents overall dropped 48 percent in 2016,” the company states.

Story image
Video: 10 Minute IT Jams – Who is Claroty?
Its focus is on simplifying OT availability, reliability, and safety for a more secure working environment – without requiring downtime or dedicated teams.More
Story image
Fortinet holds position as fastest-growing SD-WAN vendor
According to a new Omida report, the company has seen a 247% revenue growth year-on-year. Plus, Fortinet announces Fortigate 80F.More
Story image
Why answering the question of orchestration vs automation will improve your security effectiveness
Organisations are looking to improve their security operations effectiveness, efficiency, and staff satisfaction, with security, orchestration, automation and response (SOAR) fast becoming a trending approach. More
Story image
Three-in-one cloud security can ease business through difficult times
By leveraging a comprehensive security platform, organisations can block threats and prevent leakage for all interaction between endpoints, devices and apps, writes Bitglass product marketing manager Juan Lugo. More
Story image
Tanium and Google Cloud bring greater security to distributed IT
“This joint solution with Chronicle gives Tanium customers access to massively scalable analytics and investigation capabilities far beyond that of other endpoint detection and response point tools."More
Story image
Forescout and Arista Networks embark on new Zero Trust security partnership venture
Forescout and Arista Networks have come together to deliver Zero Trust security and greater device visibility and enforcement across heterogeneous networks.More