2017 has officially smashed the record books for data breaches, according to Risk Based Security’s annual report—another sign that criminal hackers are winning.
In total, there were over 5,200 breaches and almost 8 billion user records exposed. Compared with 2016’s total of 4 billion records, 2017 was twice as ugly.
Hacking accounted for many of the leaks, but it wasn’t the main reason for the massive spike. That was unintentional leaks; in other words, human error. Employee screwups leaked approximately 5.4 billion records, stemming from faulty backups, misconfigurations, and other errors.
One of the biggest players in these leaks was Simple Storage Service (S3), part of Amazon Web Services. According to RedLock CSI, about 53% of companies using such cloud storage services have unintentionally exposed at least one of those services to the internet. Some of the bigger names in this group include Verizon, Accenture, and Booz Allen Hamilton, each of which had one or more cloud services inadvertently exposed to the internet.
What’s even scarier is that most of these exposures could have been prevented.
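As an added illustration that is not from the report or from this blog, here is a small Python check, in the spirit of what cloud-posture tools look for, that flags an S3 bucket policy or bucket ACL granting read access to everyone; the bucket name, account id and role name are constructed placeholders, and the ACL is laid out the way S3’s GetBucketAcl returns it.

```python
# Constructed sample bucket policy (hypothetical bucket name): an unconditional
# grant to Principal "*" lets anyone on the internet read every object, the kind
# of misconfiguration behind the unintentional exposures discussed above.
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-backup-bucket/*"}]}

# Same intent, corrected: access limited to one IAM role in the account (constructed).
RESTRICTED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "RoleRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/backup-reader"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-backup-bucket/*"}]}

# Bucket ACL in the shape S3's GetBucketAcl returns (constructed); a grant to the
# AllUsers group is what the "public-read" canned ACL produces.
PUBLIC_ACL = {"Grants": [{"Grantee": {"Type": "Group",
                                      "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                          "Permission": "READ"}]}

PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}

def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def is_public_principal(principal):
    """Anonymous access: Principal "*" or an AWS principal list that contains "*"."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))

def public_policy_statements(policy):
    """Return [(Sid, [actions])] for unconditional Allow statements open to everyone."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts  # a lone statement may be a dict
    found = []
    for i, stmt in enumerate(stmts):
        if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                and is_public_principal(stmt.get("Principal"))):
            found.append((stmt.get("Sid", f"Statement[{i}]"), _as_list(stmt.get("Action"))))
    return found

def public_acl_grants(acl):
    """Return [(group URI, permission)] for grants to the AllUsers/AuthenticatedUsers groups."""
    return [(g["Grantee"]["URI"], g["Permission"]) for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUPS]
```

Statements that carry a Condition are deliberately not flagged, since they need manual review rather than an automatic "public" verdict.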
Big data and big breaches
Of the Top 20 biggest breaches of all time, a staggering eight occurred in 2017. Among them were Sabre Systems and the infamous Equifax breach. Sabre Systems, in particular, is interesting because we don’t yet know the full extent of the breach. Information is still being collected, but the count could go up from millions of records to, potentially, billions.
Forty percent of data breaches in 2017 occurred within the business sector and a further 8% in the medical industry. Government and education breaches were responsible for about 7% and 5%, respectively.
The U.S. had by far the most breaches with 2,330, followed by the UK at 184, Canada at 116, India at 78, and Australia at 62. However, the European Union’s General Data Protection Regulation goes into effect in May, and with its new rules for mandatory breach notifications, we may see the numbers from Europe go up.
At least the U.S. is not near the top for the median number of lost records, however. America’s 1,458 pales in comparison to China’s 11.8 million.
One sliver of good news is that, despite the increase in data breaches year-over-year, the severity of these attacks is not getting worse, with the report stating that severity actually went down in Q4.
While it’s unlikely that 2018 will see a dramatic reduction compared to 2017’s record-breaking number of data breaches—in fact, it may well surpass it—the number of breaches caused by human error means there’s a big opportunity for improvement.
Improved training, for starters, could go a long way: making sure a company’s staff better understand phishing attacks, implementing mandatory phishing simulation training, and providing other online security training.
As for what you can do, be sure to read our in-depth guide on how to significantly improve your personal online privacy. And keep checking back on our Hotspot Shield blog for more content on how to protect yourself.
Photo via grover_net on Flickr