Study: Data breach exposure is getting worse

MOUNTAIN VIEW, Calif. — It’s not just media hype — retailers’ exposure to data breaches really is getting worse. According to the 2015 Internet Threat Report from security technology provider Symantec, 11% of all data breaches Symantec recorded in 2014 hit retailers.

 

Only the healthcare industry represented a larger share of breaches. In addition, retailers provided a leading 59% of all identities revealed in breaches during 2014. Total breach incidents during the year rose 23% compared to 2013.

 

Symantec research also reveals that it took software companies an average of 59 days to create and roll out patches, up from only four days in 2013. There were 24 total “zero-day” vulnerabilities, or software security gaps that hackers exploited the same day they were discovered, tracked in 2014.

 

Additionally, Symantec observed attackers:

 

• Using stolen email accounts from one corporate victim to “spear-phish” other victims higher up the food chain;

 

• Taking advantage of companies’ management tools and procedures to move stolen IP around the corporate network before exfiltration;

 

• Building custom attack software inside the network of their victims to further disguise their activities.

 

In addition, “ransomware” attacks where hackers take over a victim’s computer and refuse to return control until they receive payment, rose 113% in 2014. Notably, there were 45 times more victims of crypto-ransomware attacks than in 2013. Instead of pretending to be law enforcement seeking a fine for stolen content, crypto-ransomware attack style holds a victim’s files, photos and other digital content hostage without masking the attacker’s intention.