Every business vertical and all levels of government experienced data breaches in 2014, and the outlook for 2015 isn’t encouraging. In our latest infographic, we break down 2014’s data breaches by sector and size.
In the retail space, attack activity is expected to accelerate even as credit card companies roll out pin and chip technologies mandated for use in 2016. According to the 2015 “Experian Data Breach Forecast”, “Adoption requirements for EMV ’Chip and PIN‘ technology being implemented may drive an increase in the frequency of payment breaches as the window closes for hackers to profit from this type of attack on brick-and-mortar retailers.”
The healthcare industry (payers and providers) will likely continue to attract a larger percentage of data breaches in 2015. This vertical has experienced issues with understaffed IT security departments and a mandate that puts helping the sick above making sure the “right person” sees your data. This makes it a challenge to comply with data privacy requirements in HIPAA/HITECH regulations and prevent personally identifiable information from falling into the hands of an attacker.
State and local governments, especially in less populated regions, were hard hit in 2014, with Montana, Oregon and Louisiana each experiencing data breaches. Even the organization that performs top-secret clearance work for the federal government was hacked. Stealing the identities of hundreds of thousands of citizens opens up a lot of possibilities for an attacker.
The common theme across data breaches caused by malicious attackers has been the use of valid user credentials in all of the reported hacks, which attackers obtain through social engineering techniques. Either through remote controlled malware or directly on a system, attackers used or created credentials to steal valuable data. Business and government organizations do not have an adequate strategy for detecting the attacker that sidesteps perimeter defenses. User behavior intelligence solutions not only provide detections and coverage, but also create security operational efficiencies.