Internet security report brands 2013 as ‘Year of the Mega Breach’

By Erin Ayers on April 22, 2014

A recent report from Symantec labeled 2013 as the “Year of the Mega Breach,” with the personal information of over 552 million people exposed in 253 data breaches.

Internet security firm Symantec keeps track of malware, phishing scams and other forms of cyber espionage. The firm sought to quantify the magnitude of the data exposed in 2013.safecracker

“The total number of breaches in 2013 was 62 percent greater than in 2012 with 253 total breaches. It was also larger than the 208 breaches in 2011. But even a 62 percent increase does not truly reflect the scale of the breaches in 2013. Eight of the breaches in 2013 exposed more than 10 million identities each,” stated the firm.

“In 2012 only one breach exposed over 10 million identities. In 2011, only five were of that size. 2011 saw 232 million identities exposed, half of the number exposed in 2013. In total over 552 million identities were breached in 2013, putting consumer’s credit card information, birth dates, government ID numbers, home addresses, medical records, phone numbers, financial information, email addresses, login, passwords, and other personal information into the criminal underground.”

Read the Full Report

Targeted attacks against companies that collect data have continued to rise, Symantec found.

The most common targets for attacks were governments and the service industries. However, the report highlighted mining, public administration and manufacturing as industries most at risk of attack. The report showed one in three organizations in those industries were targeted in 2013.

“Spear phishing” campaigns – fake emails designed to trick people into giving up financial or personal data – continue to be quite popular with cybercriminals. However, Symantec found that the number of phishing emails tracked each day dropped in 2013, to 83 from 116 in 2012. Spear phishing refers specifically to attacks aimed at business email addresses.

Mobile Danger

The rapid rise in the use of mobile devices and social media networks is creating an “environment for explosive growth” in scams and malware, Symantec said.

While mobile malware hasn’t reached the heights of more traditional cybercrimes, signs point to vulnerability. Symantec explained that its Norton Report showed that 38 percent of mobile device users had experienced a breach of personal information, usually via a lost or stolen device.

“Mobile users are behaving in ways that leave themselves open to other problems. Mobile users are storing sensitive files online (52 percent), store work and personal information in the same online storage accounts (24%) and sharing logins and passwords with families (21 percent) and friends (18 percent), putting their data and their employers’ data at risk,” said Symantec. “Yet only 50 percent of these users take even basic security precautions.”

IoT Access

Symantec noted that 2013 brought about hacking attempts on devices such as baby monitors, security cameras and routers. The firm suggested that these practices represent the risk offered up by “the Internet of Things” (IoT).

“The benefit to attackers of compromising these devices may not yet be clear, and some suspect claims about hacked devices (refrigerators for instance) are to be expected. But the risk is real,” said Symantec. “IoT devices will become access points for targeted attackers and become bots for cybercriminals.”

The firm added, “Today the burden of preventing attacks against IoT devices falls on the user; however this is not a viable long-term strategy. Manufacturers are not prioritizing security – they need to make the right security investments now. The risk gets even higher with the proliferation of data being generated from these devices. Big data is big money and unless the right security steps are taken it’s all available for an enterprising cybercriminal.”

erin.ayers@zywave.com'

Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].