The total number of data breaches reported in mid 2016, as a result of cyber crime, is nearly 319 million  compared to 744 million in 2015. The critical factor to keep in mind is that cyber criminals linger in a company’s environment for many months before they are recognized by those that monitor the platforms.
In fact, according to a report released in an IT Governance blog in the UK just over a year ago, it takes companies about 6 months to recognize an intruder in their environment . So, I expect the mid-point for records lost for 2016 to drastically increase as the year progresses.
In January of this year, the total number of data breaches reported reached 628 million, since the beginning of 2015, and has since increased by 116 million as new incidents have been reported. The government sector continues to be the primary industry compromised by some form of data breach or cyber crime. This year, there was an increase of 7% compared to 2015. Healthcare is down by nearly 17% as compared to the total records as a percent and financial services are once again making a showing at nearly 4% of the total records.
The interesting factor in the mid-year point is that the “other” industry category is increasing by being at 26% as compared to just about 17% during 2015. My take on all of this data is that cyber criminals aren’t discriminating on any of the industries, but rather going after all industries, as we can see how relatively consistent the numbers in 2016 are beginning to line up.
The total amount of reported incidents for mid 2016 as a result of some form of cyber crime or data breach is at 843 as compared to a total of 1857 in 2015 . Again, the important factor to keep in mind is that intruders linger for a long time on platforms and environments before anyone in the company recognizes them. The mid-point for 2016 will increase as the year progress as companies complete their due diligence and appropriately self-report additional incidents.
Let’s break down these incidents by source. Malicious Outsiders continue to drive most of the cyber crime incidents this year at 583 and are trending upward as compared as a percent to 2015. This type of event is defined as an outside entity that has malicious intent to do harm or steal information. The alarming statistic is the rate by which the increase is occurring – an increase of more than 11% over last year. On a good note - Accidental Loss, Malicious Insider, Hacktivist and State Sponsored on the surface appear to be decreasing. But as history shows, new incidents are reported and recognized every year altering these numbers once again.
So what does all of this data really mean? In an article that I wrote last month, Finding the Proper Balance of Security & Productivity, I list several tips that are crucial in protecting environments. I’m going to highlight them again for the purposes of this article as I believe they are significantly relative and that every technology leader must recognize and adopt.
- What is the present state of the security culture within the organization?
- What trends are being monitored and analyzed within all environments and platforms?
- What confidence do you have in the cyber security solutions that are presently deployed?
- If you have not - yet - been targeted by a data breach, does this mean your environments are secure?
- Unify systems to increase Security and Productivity
While all five of these are relevant, I want to emphasize, “unify systems to increase security and productivity”. Often times companies keep legacy systems around far too long and typically these systems aren’t being properly supported, maintained or monitored and lead to a system data breach and information loss. Consolidate and simplify systems and applications to reduce the complexity, intrusion and failure points. In so doing you are much more likely to protect your customer’s assets, your firm’s reputation and increase security & productivity. And, one last thing, you might just stay off the front page of the Wall Street Journal or the national news when the latest cyber crime is being reported if you increase your threat posture.