2016 broke security records, but 2017 is on track to be worse

It’s no secret that 2016 was a tough year for security and IT pros. From reported security issues behind the U.S. election to the Beautiful People hack, the year was plagued by countless breaches that affected billions of people throughout the world.

Risk Based Security (RBS), a company that analyzes data breaches, vendor risk ratings and vulnerability intelligence, recently released its 2016 Data Breach QuickView Report, which tracked more than 23,700 reported incidents. Among the findings, the biggest takeaway was not the sheer number of breaches, but the gravity behind them: financial and reputational implications for companies and stakeholders.

Expect a continued surge in data breaches

According to RBS, more than 4,149 breaches were reported in 2016. Consequently, more than 4.2 billion records were exposed, a more than 30 percent increase compared to the previous all-time high, which was in 2013.

Among those breaches, six claimed space on the list of the top 10 biggest breaches ever. Yahoo, which exposed more than 1.5 billion records in its multiple incidents in 2016, tops the list. In late December, Yahoo announced its third hack discovered over the course of the year. A new warning recently issued to users says that forged cookies may have been used to access individual accounts, completely bypassing the need to re-enter passwords.

The industry should expect to see more Fortune 100 companies targeted in 2017. As these companies continue to grow and collect data, hackers become increasingly attracted to them. Expect people to advocate for security changes that will better protect companies, their customers and their data.

Insider threats continue to grow

More than half of the breaches analyzed by RBS were a result of hacking. However, insiders, whether through malicious intent or carelessness, accounted for more than 200 million incidents.

While insiders were not the primary source of most breaches in 2016, it’s likely that these numbers will grow. Thanks in part to Internet of Things (IoT) devices, employees have more access to data than ever, making organizations increasingly vulnerable to attacks.

According to another recent report, nearly 70 percent of organizations have experienced an incident resulting from careless or malicious behavior by individuals within the company. To help counter these threats, security should become a bigger concern for all employees – not just IT and security team members. Companies must offer security training and encourage employees to take responsibility when it comes to their data. Giving staffers the tools to identify suspicious activity and develop step-by-step response plans will be key to preventing security breaches that could severely damage companies.

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.