More than 500 million digital identities were stolen or exposed in 2015, according to Symantec’s Internet Security Threat Report.
On average, each data breach exposed more than 1.3 million identities, but the report identified nine ‘megabreaches’ (those leaking over 10 million records in a single attack) in 2015. By contrast, in 2014 only four breaches were this severe. And with these nine megabreaches, the total reported number of exposed identities jumped 23 percent to 429 million.
The report also revealed that 430,000,000 new pieces of malicious code were created in 2015, a 36% increase. Ransomware attacks rose by a comparable margin, and certain social engineering scams grew exponentially. For instance, bogus technical support calls increased by 200%.
The report identified 54 zero-day vulnerabilities in 2015, the majority of which existed in widely-used pieces of software. Four out of the five most exploited zero-day vulnerabilities were found in Adobe’s Flash Player, which is installed on more than one billion of the world’s desktops.
While infiltrations increased across all industries, healthcare data breaches were the most common type of data security incident reported in 2015.
Why healthcare? Most explanations focus on the top dollar health records command on the dark market. But peeling the onion just a bit, the surge in healthcare breaches as compared to other industries could simply reflect stricter regulatory requirements around reporting.
That distinction matters, because the most disturbing finding in the report is that more and more companies chose not to reveal the full extent of the breaches they experienced. Companies choosing not to report the number of records lost increased by 85 percent. Those unreported breaches likely push the real number of records lost to more than half a billion.
Image source: Symantec