2017 Security Breaches: Frequency and Severity on the Rise

Posted by SGCS Admin, 22-06-2017

We are only six months into 2017, and we can already tell that it is going to be a bumper year for data security breaches. Looking back at the hacking statistics from 2015 and 2016, we should not be surprised at the number of security breaches that have already happened in 2017. Nor should we be surprised at how rapidly attackers are evolving their techniques to affect more computers and devices than ever before. Hackers’ reach will only keep expanding as time goes on.

Reflecting on Hacking Statistics From 2015 and 2016

Data from the two previous years clearly indicates a pattern in which cyber security breaches are occurring ever more frequently. In 2015, for instance, there were more than 177,866,236 personal records exposed via 780 data security breaches, according to the ITRC Data Breach Reports. In 2015, hacks occurred in every single state in the US, and the breakdown of the breached targets by type of entity is as follows:

  • Businesses were the target of 40% of the security breaches (312 breaches).
  • Medical and Healthcare entities made up 35.4% of data breach targets (276 breaches).
  • Government or military targets made up 8.1% of cybersecurity breaches (63 breaches).
  • Educational institutions accounted for 7.4% of data breaches (58 breaches).

In 2016, hackers logged an uptick of 38% in their use of phishing-type security attacks, according to “Key findings from the Global State of Information Security® Survey 2017” by PricewaterhouseCoopers. It also became well known that hackers were finding devices to target beyond computer systems and networks. Unsecured wireless medical devices, mobile devices, and even cloud architecture all came under attack in 2016. With security breaches arising on multiple fronts, companies, healthcare systems, governmental and educational entities, and individuals started to realize how real the threat of cyber security attacks was. In order to combat attacks, people began to increase their use of data security protection measures in 2016:

  • 52% of individuals, businesses and entities utilize intrusion detection tools.
  • 51% actively monitor and analyze security information for their vulnerable systems.
  • 48% conduct vulnerability assessments.
  • 47% utilize security information and event management tools.
  • 47% regularly conduct cyber security threat assessments of their systems.
  • 45% are subscribed to a threat intelligence service.
  • 44% engage in data system penetration testing.

List of 2017 High-Profile Breaches

So far this year there have been many high-profile data security breaches potentially affecting millions of individuals’ payment card information (e.g., credit and debit cards), personal identifying information (e.g., first and last name, Social Security number, address, birthday), and medical records.

  • Chipotle Payment System Hack: Between March 24 and April 1, malware was at work inside Chipotle’s payment system collecting payment card information from customers. According to news reports, virtually all of Chipotle’s customers who visited a Chipotle Mexican Grill restaurant during this timeframe were potentially exposed.
  • Hackers Set Off Emergency Weather Sirens in Dallas: On April 7, hackers accessed the emergency weather siren system in Dallas, Texas, and set off all 156 sirens. The incident started at 11:45 p.m. local time and lasted for 90 minutes, affecting 1.3 million residents of the city.
  • Gmail Phishing Scheme: Hackers collected login credentials for more than 1 million Gmail accounts with a phishing campaign. The phishing email appeared to be from a close email contact containing an attachment. Once the recipient clicked on the attachment, a fake and practically identical Gmail login page appeared prompting the recipient to log into his or her Gmail account.
  • The IRS Under Assault: The IRS has already been hacked twice this year. In the first data breach, which occurred in February, some 464,000 Social Security numbers were stolen and of those, at least 100,000 were used to successfully access a user’s E-file PIN. In the second data breach, which was reported in April, more than 100,000 student taxpayers had their personal information stolen due to a security breach of an online tool that is used by students to apply for financial aid for school.

The Biggest, Baddest Hacks of 2017 So Far

Hackers in 2017 have been ambitious, to say the least. This year there has been a marked increase in the scale of cyber attacks, with multiple successful cyberattacks made on a global scale. At the beginning of May, hackers launched a global cyberattack on multiple entities around the world, according to the New York Times. Using a piece of stolen malicious software originally created by the National Security Agency, hackers took down computer systems around the world. Russia’s Interior Ministry was knocked off-line, as were multiple health systems across the UK, leaving the affected hospital systems to turn away patients because the facilities could not function without access to their computer systems. Overall, computer systems in 74 countries were impacted, with Russia, Ukraine, India and Taiwan suffering the most from the cyberattack.

In another cyberattack that affected the entire world, thousands of Microsoft Windows computers across the globe were hijacked by the WannaCry ransomware cryptoworm. The WannaCry malware held user files hostage by encrypting their contents and demanded a Bitcoin ransom before the files would be decrypted. More than 200,000 computers in 150 countries were affected by the WannaCry malware. Some of the most well-known victims of the cyberattack include FedEx, Britain’s National Health Service, and Spanish telecom giant Telefonica.

Take Steps to Protect Your Business From Cyber Security Breaches

Cyber security breaches are a real threat, whether it is to your business, the institution that you work for, or to your own personal computer system and devices. When you are hacked, or information that was entrusted to you was potentially accessed in a data security breach, you need to act quickly to understand your rights and obligations concerning notification of potential victims.

Editor’s note: this was originally published in December 2016. It has been updated for clarity and comprehensiveness.

Source: http://www.jdsupra.com/legalnews/2017-security-breaches-frequency-and-43309/