According to a new report, the number of breaches disclosed by organizations in the United States increased by 40 percent in 2016 compared to the previous year.
These details were disclosed in a report released Thursday by CyberScout and the Identity Theft Resource Center (ITRC). According to the ITRC, 1,093 breaches were disclosed and more than 36 million records were exposed in 2016 across industries like finance, business, education, government and military, and healthcare. Experts believe this stark increase could be due in part to the growing number of states that require incidents to be disclosed on their websites.
Almost half of the breaches disclosed in 2016 affected the business sector (494), followed by healthcare (377), education (98), government (72) and financial (52). The ITRC determined that at least 52 percent of the reported breaches involved Social Security numbers, and 13 percent involved payment card details.
Unsurprisingly, hacking, phishing, and skimming attacks accounted for more than 55 percent of incidents disclosed.
Phishing and spear phishing have become increasingly popular attack strategies, used by cyber thieves to evade traditional spam and malware filters in an effort to wreak havoc on corporate infrastructures.
Our CTO Mark Kedgley comments: “Although phishing is hardly anything new, as the article highlights, corporate data is continuously at risk of security breaches from a vast – and ever increasing – range of attack vectors. The only thing that is a certainty in these increasingly complex circumstances is that the risk of breach is a constant. A two-pronged approach is the only way to go – get layered defences in place (don’t overlook the newer Microsoft features like EMET and AppLocker) but back it up with real-time host intrusion detection through File Integrity Monitoring (FIM), ensuring that if a cyber-attack proves successful at the very least you get to know about it.”
Read this article on SecurityWeek