CAMBRIDGE, Mass., March 29, 2017 /PRNewswire/ -- IBM (NYSE: IBM)
Security today announced results from the 2017 IBM X-Force Threat
Intelligence Index which found the number of records compromised
grew a historic 566 percent in 2016 from 600 million to more than 4
billion. These leaked records include data cybercriminals have
traditionally targeted like credit cards, passwords and personal
health information, but IBM X-Force also noted a shift in
cybercriminal strategies. In 2016, a number of significant breaches
related to unstructured data such as email archives, business
documents, intellectual property and source code were also
compromised.
The IBM X-Force Threat Intelligence Index is comprised of
observations from more than 8,000 monitored security clients in 100
countries and data derived from non-customer assets such as spam
sensors and honeynets in 2016. IBM X-Force runs network traps
around the world and monitors more than eight million spam and
phishing attacks daily while analyzing more than 37 billion web
pages and images.
"Cybercriminals continued to innovate in 2016 as we saw
techniques like ransomware move from a nuisance to an epidemic,"
said Caleb Barlow, Vice President of
Threat Intelligence, IBM Security. "While the volume of records
compromised last year reached historic highs, we see this shift to
unstructured data as a seminal moment. The value of structured data
to cybercriminals is beginning to wane as the supply outstrips the
demand. Unstructured data is big-game hunting for hackers and we
expect to see them monetize it this year in new ways."
Spam Surges on Back of Ransomware
In a separate study
last year, IBM Security found 70 percent of businesses impacted by
ransomware paid over $10,000 to
regain access to business data and systems. In the first three
months of 2016, the FBI estimated cybercriminals were paid a
reported $209 million via ransomware. This would put criminals on
pace to make nearly $1 billion from
their use of the malware just last year.
The promise of profits and businesses increasing willingness to
pay empowered cybercriminals to double down on ransomware in 2016.
The primary delivery method for ransomware is via malicious
attachments in spam emails. This fueled a 400 percent increase in
spam year over year with roughly 44 percent of spam containing
malicious attachments. Ransomware made up 85% of those malicious
attachments in 2016.
Shift from Healthcare back to Financial Services
In
2015, Healthcare was the most attacked industry with Financial
Services falling to third, however, attackers in 2016 refocused
back on Financial Services. While Financial Services was targeted
the most by cyber-attacks last year, data from the X-Force report
shows it was only third in compromised records. The lower success
rate versus the high volume of attacks in Financial Services
indicates that continued investment in sustained security practices
likely helped protect financial institutions.
The healthcare industry continued to be beleaguered by a high
number of incidents, although attackers focused on smaller targets
resulting in a lower number of leaked records. In 2016, only 12
million records were compromised in healthcare - keeping it out of
the top 5 most-breached industries. For perspective, nearly 100
million healthcare records were compromised in 2015 resulting in a
88 percent drop in 2016.
Information & communication services companies and
government experienced the highest number of incidents and records
breached in 2016.
- Information and Communications (3.4 billion records leaked and
85 breaches/incidents)
- Government (398 million records leaked and 39
breaches/incidents)
Good News for Defensive Strategies
The average IBM monitored security client organization
experienced more than 54 million security events in 2016—only three
percent more events than 2015. This was marked by a 12 percent
decrease year-over-year in attacks. As security systems are further
tuned and new innovations like cognitive systems grow, the number
of incidents overall dropped 48 percent in 2016.
To download a copy of the 2017 IBM X-Force Threat Index please
visit:
http://ibm.co/2nJ0oqd.
About IBM Security
IBM Security offers one of the most
advanced and integrated portfolios of enterprise security products
and services. The portfolio, supported by world-renowned IBM
X-Force® research, enables organizations to effectively manage risk
and defend against emerging threats. IBM operates one of the
world's broadest security research, development and delivery
organizations, monitors 35 billion security events per day in more
than 130 countries, and holds more than 3,000 security patents. For
more information, please visit www.ibm.com/security, follow
@IBMSecurity on Twitter or visit the IBM Security Intelligence
blog.
Contact:
Kelly Kane, IBM Security
413-297-2668
kkane@us.ibm.com
To view the original version on PR Newswire,
visit:http://www.prnewswire.com/news-releases/ibm-x-force-finds-historic-number-of-records-leaked-and-vulnerabilities-disclosed-in-2016-300430876.html
SOURCE IBM