At one point, it seemed like we might never be able to stop counting. It was January and we had begun to collect data on breaches from the previous year. Up to that point, it had been an unexceptional year, as far as breaches go, with numbers in line with previous years. And then the reports of breaches from the end of 2013 started coming in. When we were finally able to stop counting, the results, as published today in the Internet Security Threat Report, were stunning. More than 552 million identities had been exposed. And the average number exposed in each breach was 4 times greater than in 2012. 2013 was the year of the “Mega Breach.”
Of course, other things happened in 2013 and we report on them, as well. For instance, targeted attacks grew 91 percent. Another big number. But it’s the numbers behind this number that are even more interesting. These attacks became slow and low as attackers increased the number of campaigns they ran, but decreased the emails used and the number of people they attacked in each campaign. It’s almost as if they brought in efficiency experts to improve their attack campaigns.
And what are the odds of your company getting attacked? It’s probably not what you think. This year’s ISTR looks at your risk based on industry, size of company and even your role in the company.
A few other notable highlights from our report:
- More zero-day vulnerabilities were discovered in 2013 than any other year since Symantec began tracking this stat.
- End-users continue to ignore the risk on mobile devices just as cybercrime becomes real. 38 percent of mobile users have experienced mobile cybercrime in the past 12 months; lost or stolen devices remain the biggest risk.
- Ransomware attacks grew by 500 percent in 2013 and attackers became more vicious by holding data hostage through high-end encryption.
- 77 percent of legitimate websites had exploitable vulnerabilities – 1 in 8 have a critical vulnerability.
There is also some food for thought in our reporting on the Internet of Things (IoT). Attackers are now turning to the IoT – baby monitors, security cameras and routers were hacked in 2013. Furthermore, security researchers demonstrated attacks against smart televisions, automobiles and medical equipment. As the Internet of Things, the cloud and other technologies step out of our imaginations and into our lives, so too do a host of sophisticated threats that must be addressed. Are we ready to secure the Internet of Things?
The Internet Security Threat Report is an important resource to help you, and those you interact with, better understand the risks out there. Beyond breaches, vulnerabilities and targeted attacks, we cover social media, mobile threats, phishing, spam and a whole lot more. For more information on the threat landscape, view the full ISTR Vol. 19 report or watch the ISTR video, which summarizes these findings.