IBM Security’s 2017 X-Force Threat Intelligence Index has uncovered an unprecedented increase in the number of breaches last year - a 556% increase from 600 million to 4 billion records.
It also found more than 10,000 software vulnerabilities last year - the highest number of single-year vulnerabilities on record over IBM X-Force’s history.
The report analysed data from more than 8000 security clients across 100 countries and specialised spam sensors, honeypots and web pages.
Spam numbers also increased 400% last year. 44% of spam contained malicious attachments and 85% of those attachments contained ransomware.
Caleb Barlow, IBM Security’s VP of Threat Intelligence, says cybercriminals continued to innovate as ransomware evolved from a nuisance to an epidemic.
Behind the scenes, attackers are also switching things up. Unstructured data, such as email archives, documents, intellectual property and source code are becoming more attractive targets, right alongside structured data such as credit card data, passwords or personal health information.
“While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment. The value of structured data to cybercriminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetise it this year in new ways,” Barlow says.
The report found that the healthcare sector is no longer the most targeted. It was knocked out of the top five industry attacks. 12 million healthcare records were breached, down from 100 million in 2015. This is an 88% drop over a single year.
Instead, attackers are going after financial services. But the sector seems to be fighting back - financial services was third on the list for the amount of compromised records.
IBM Security believes this shows the financial services sector may have benefited from sustained security practices.
Which sectors were the most vulnerable? The ICT sector experienced 3.4 billion exposed records and 85 breaches. The government sector experienced 398 million exposed records and 39 breaches.
IBM Security says defence strategies are working. The average monitored organisation experienced 54 million security events last year, 3% more than in 2015.
“This was marked by a 12 percent decrease year-over-year in attacks. As security systems are further tuned and new innovations like cognitive systems grow, the number of incidents overall dropped 48 percent in 2016,” the company states.