Half a Billion Records Exposed in 2015, Underreporting an Issue

By: Arieanna Schweber | 5/4/2016

The 2016 Internet Security Threat Report (ISTR) reveals that over 429 million personal records were stolen or lost in 2015, but the number of organizations not reporting the full extent of data breaches is on the rise, up 85% over the previous year. Symantec estimates that the unreported losses would push the total up to half a billion personal records stolen or lost in 2015. A quick scroll through the 2016 data breaches to date will show you that for every reported figure of known exposed records, there are just as many other breaches listed as “unknown.” Over time, some of those figures will be revealed through investigation, but others will remain blank.

“The increasing number of companies choosing to hold back critical details after a breach is a disturbing trend,” said Haley. “Transparency is critical to security. By hiding the full impact of an attack, it becomes more difficult to assess the risk and improve your security posture to prevent future attacks.”

Digging deeper into the report, it’s clear that organizations both large and small were victims of cyber attacks, with 42% of spear-phishing attacks actually targeting SMBs, the largest proportion in the past 5 years. Phishing campaigns went up by 55% in 2015, primarily because phishing remains a very successful way to gain access to credentials, sensitive data, or data that could be used to create additional targeted attacks. The report suggests that there has been a resurgence in other cyber scams specifically targeting devices such as smartphones.

Research has shown that mobile users are three times more vulnerable to phishing attacks, perhaps because a phishing website is less obvious on a mobile phone. Other research has shown that exploited mobile devices account for one third of cyber security incidents, through malware, phishing, malicious WiFi, and insider threats.

At Absolute, we advocate for a 3-pronged approach to mitigate security risks, including Education, Policies and Layered Technology solutions to protect sensitive data, no matter where that data resides. With the endpoint now one of the top ways data is compromised, it’s key that organizations focus on gaining visibility into the endpoint. Absolute DDS provides you with a persistent connection to all of your endpoints and the data they contain, so you know what kind of data is stored on the endpoint.

To contain the Insider Threat, our new Absolute EDD feature, part of Absolute DDS, lets you define the kind of data you want to track and scan your endpoints, so you can take proactive steps to remove that data from the endpoint and improve your employee education or access rights. Some employees need data on the endpoint to remain productive, so in the event of a security incident, Absolute DDS allows you to assess risk and apply remote security measures to protect each endpoint and the data it contains, helping prevent a costly data breach.
