Symantec Study Reveals That 2013 Saw The Most Data Breaches in History, More Than 550 Million Identities Compromised
To most consumers, data breaches and network security flaws don't mean much, as long as an antivirus software is protecting our PC most of us are happy. However, for the people that have had their personal information compromised, data breaches represent a real threat to their financial and sometimes physical wellbeing.
According to Symantec's most recent 2014 Internet Security Threat Report (ISTR), 2013 saw more data breaches than any other year in recorded history. Most of the breaches occurred in relation to a number of mega attacks that struck a handful of massive companies and organizations, including but not limited to Adobe, AOL, Target, Evernote, LivingSocial, and even several government databases.
Although we've known for months that 2013 was a horrible year for cyber security, it wasn't truly apparent just how bad the spike in security breaches was until Symantec's recent report put it all into numbers. There were a whopping 258 breaches during the year, a more than 60% increase from 2012. A total of 550 million identities were compromised, with 80 million of those leaking from just 8 individual incidents.
Unfortunately, almost all of the top ten breaches took place against US companies/organizations, and perhaps even more frightening is the fact that there could be many more breaches that were never discovered.
So what do these data breaches mean for the people involved? Well to start, an unknown hacker or criminal organization now has access to sensitive data like their home addresses, phone numbers, birth dates, credit card numbers, and even social security numbers. It is yet to be seen how much identity theft and fraud will arise from these attacks, bit it is likely that it will be nearly impossible to trace future crimes back to the mega breaches of 2013.
Before 2013, the busiest year for cyber attacks was 2011 with a total of 208 breaches. However, most of those events were smaller attacks launched against poorly secured databases, whereas most of 2013's attacks were far more organized and targeted larger enterprises through their affiliates, PR partners, and personal assistants.
Apparently the hackers responsible for last year's tsunami of breaches were able to infiltrate larger enterprises by compromising the security of lower-level associates who were given access to highly secured databases but had failed to sufficiently secure their own systems.
By sneaking in through third-party login portals the hackers have given the cyber security industry a heralding reminder that securing the systems and networks of an enterprise is not enough - organizations also need to be aware of the security practices of any partners who have access to their databases.