Hacking and mega-breaches: 2018 the worst year yet?
The number of reported data breaches in 2018 is at a consistent pace with this same time period in 2017, according to new research from Risk Based Security, but there’s a catch: mega-breaches and hacking persist as top cybersecurity concerns across all industries.
WHY IT MATTERS
So far there have been 3,676 publicly disclosed data breaches across all industries exposing approximately 3.6 billion records.
Seven of the breaches through the third quarter of this year exposed 100 million or more records, with the 10 largest accounting for 84.5 percent of the records exposed, the report said.
Hacking continues to be the leading cause of data breaches, accounting for 57.1 percent and fraud was the cause of the most records being exposed, accounting for 35.7 percent.
THE BIGGER TREND
“Despite the decrease from 2017, the overall trend continues to be more breaches and more ‘mega breaches’ impacting tens of millions, if not hundreds of millions, of records at once,” said Inga Goddijn, executive vice president for Risk Based Security.
Threats continue. For example, a new Symantec report found that the notorious, highly targeted SamSam ransomware virus is primarily hitting the U.S. – especially the healthcare sector, where hackers may believe organizations are more likely to pay. SamSam breaks into networks and encrypts multiple computers across an organization. The clean-up costs can run in the double digit millions, according to Symantec.
While healthcare organizations are better at understanding and investing in cybersecurity needs, hackers are keeping pace -- and then some, according to a panel of CISOs at the HIMSS Healthcare Security Forum in Boston late last month. When asked to rank the cybersecurity posture of the healthcare sector, four healthcare infosec leaders found that while the industry has improved, there’s still a long way to go.
Anahi Santiago, chief information security offier of Christiana Care Health System, said larger organizations are much more secure — but small to mid-size hospitals are struggling.
In the next five years, healthcare will be the biggest target, information security experts say, and hackers will be able to quantify how they can monetize the data. As the use of healthcare data matures, the hackers will keep pace. In the end, healthcare will only be successful when infosec leaders have a seat at the table when it comes to strategy,
ON THE RECORD
“The number of reported breaches shows some improvement compared to 2017 and the number of records exposed has dropped dramatically,” said Inga Goddijn, executive vice president for Risk Based Security. “However, an improvement from 2017 is only part of the story, since 2018 is on track to have the second most reported breaches and the third most records exposed since 2005.