In security as in business, information is power. As we put together the latest edition of the Internet Security Threat Report, we wanted to do more than simply throw some figures out there. As a result, Volume 19 presents a comprehensive analysis of last year’s threats according to publicly available information and events within Symantec’s purview, as well as detailed guidance about what security professionals can do in response.
At the top level of the report, the main finding was a rapid and significant increase in breaches leading to the exposure of individual identities - employee, customer and patient details. Overall a total of 552 million identities were exposed, across 253 significant security breaches.
Just as significantly, many of these breaches took place in the final quarter of the year, suggesting that we are at the beginning of a slew of such attacks - one of the reasons we felt pressed to include detailed advice in the report. 34% of reported incidents were due to hacking and 27% were due to theft or loss, while 29% of incidents involved identities accidentally being made public, through simple user error. Only 6% due to insider attack, which is relatively good news.
One area we found fascinating was how not all breaches were equal. For example, a mere 8 breaches across the sample exposed more than 10 million identities each. Similarly, while 37% of incidents were reported to be in the healthcare sector, these only caused 1% of identities to be exposed; meanwhile, the 7% of breaches coming from the retail sector led to the exposure of 30% of the total identities.
Targeted attack campaigns have increased by 91% since 2012. To identify such incidents, we look for clear evidence that the recipient was targeted, and how it was done: from our research, it appears that the people most at risk are personal assistants and communications/PR managers, who are being sent generic emails about order details or payment information - the bread-and-butter of such roles.
In fact, attackers are becoming even more savvy, running a larger number of campaigns against an increasingly focused number of individuals. Year on year, the number of target recipients per campaign has dropped from 111 to 23. It would appear that the ‘bad guys’ are also able to analyse information to decide who is worth targeting and what messages work the best.
The future security battleground may well be based on who has access to the best information, a factor we are taking into account not only in the ISTR, but across Symantec’s services. Watch this space for more, and in the meantime, if you want a copy of the report, you can download it here.