In our daily activities, our team is so focused on keeping our partners and customers safe that we sometimes need to take a step back to look at the larger security trends and anticipate any new threats on the horizon. For this reason, Symantec’s latest Internet Security Threat Report (ISTR), Volume 19 provides a snapshot of the current global threat landscape, helping to pinpoint where companies need to focus their energy.
This year’s ISTR shows that we’re now living in the era of the “Mega Data Breach.” According to our latest report, the total number of data breaches increased 62 percent, amounting to more than 552 million records exposed. In fact, the top eight breaches exposed more than 10 million identities. These breaches often exposed real names, birth dates and/or government ID numbers (e.g. social security numbers). Some records also exposed other highly sensitive data, such as medical records or financial information.
Our report also shows that targeted attacks rose 91 percent in 2013 and lasted an average of three times longer; this suggests user awareness and protection technologies have driven cybercriminals to tighten their targeting. While large enterprises had a greater likelihood of being attacked (since there are fewer of them), small and medium-sized businesses received the highest number of targeted attacks overall. We also determined that mining companies, government organizations and manufacturing companies were at the highest risk for attacks. Even if these organizations didn’t have the data that cybercriminals wanted, they could potentially provide access to larger networks of other high-profile targets.
As cybercriminals find ways to become more efficient and targeted with their attacks, companies large and small will need to reexamine, rethink and possibility re-architect their security posture to make sure their customers stay protected. As a reminder, here are a few best practices to keep in mind:
- Know your data – Protection must focus on the information, not the device or data center. Understand where your sensitive data resides and where it’s flowing to help determine the best policies and procedures to protect it.
- Educate employees – Anyone can be a target, from an administrative employee to the CEO. It’s important to provide all employees with guidance on information protection, including company policies and procedures for protecting sensitive data on personal and corporate devices.
- Implement a strong security posture – Strengthen your security infrastructure with data loss prevention, network security, endpoint security, encryption, strong authentication and defensive measures, including reputation-based technologies.
For more information about our findings, I encourage you to take a look at our Internet Security Threat Report and share it with your customers.