4 Reasons Data Breaches Are on the Rise

Last week the CyberEdge group released the 2015 Cyberthreat Defense Report that surveyed 800 IT Security professionals on cybersecurity matters. The report states that 71% of respondents' networks were breached in 2014, up from 62% in 2013. The expectation of further cyber-attacks is also rising: 52% of respondents believe a successful attack is likely in 2015, compared to 39% last year. Phishing, malware, and zero-day attacks were considered to pose the greatest cyber risks to responding organizations.


Data breach comparison from 2013 to 2014

Other reports have shown a similar rise in data breaches. A report released by the Identity Theft Resource Center (ITRC) notes 783 tracked data breaches in 2014, a substantial increase of 27.5% compared to 2013. In their 2015 Second Annual Data Breach Industry Forecast, Experian reports that nearly half of surveyed organizations suffered a data breach incident in the last 12 months.

The fact that 2014 saw a record high number of data breaches is not exactly surprising. If the beginning of 2015 is any indication, 2015 will surely surpass 2014 with even more data breaches.

So, why are data breaches on the rise? Here are four reasons:

1. Sophisticated Malware is Easy to Obtain

Hackers can now easily purchase sophisticated malware on the black market. This means that cyber criminals do not need access to advanced programming skills, making this an attractive source of income for a wider variety of criminals, compared to the past.

2. Cyber-Crime is Lucrative

Credit card records can reach $2 per record on the black market and health records at least $10. When data breaches are successful, the number of stolen records can be substantial: Target had 40 million credit card records compromised, Home Depot 56 million debit and credit cards and Anthem 80 million social security records along with other PII. It does not take long to do the math and understand why stealing data is a very lucrative business.

3. Increased Awareness

Many of these attacks are Advanced Persistent Threats (APTs), meaning that once the organization is infiltrated, the attackers will lie in wait until they have gathered enough information to strike. Since companies are now becoming more aware of cybersecurity, threats are being detected and reported that may have been present for quite some time. For instance, Anthem discovered their data breach this February, but they may have been infected as early as April of 2014.

4. Social Engineering

Advanced social engineering is relatively easy to do with all the information that is publicly available online. Company web pages and social media accounts such as Facebook, LinkedIn, and Twitter can all be used to glean information about individuals to make a spear phishing email look legitimate to the recipient.

If you don't want your company to be the next data breach to hit the news, you can read our ten tips on how to avoid data breaches.

OPSWAT offers a number of solutions to help organizations prevent data breaches, including multi-anti-malware scanning, advanced threat protection, data sanitization, email security, portable media security, and device monitoring & security.

Sign up for Blog updates

Get information and insight from the leaders in advanced threat prevention.