Dive Brief:
- Symantec's 2016 Internet Security Threat Report found nine mega breaches, and half a billion stolen records with ransomware attacks increasing by 35% last year.
- Healthcare received the most attacks out of all service industries in the country, and attacks by organized criminals are becoming more sophisticated, according to the report.
- A separate report by the Identity Theft Resource Center (ITRC) found 6.2 million healthcare records already exposed so far this year and the IRS reported a 400% increase in tax-related phishing and malware over January and February this year.
Dive Insight:
The ITRC report showed 176.5 million medical records exposed since 2005, 1.5 million of which have occurred since 2014. Employee error, negligence, and insider theft were responsible for 371 data breaches. Criminals look for vulnerabilities first to access information, according to Symantec's report.
Malware is becoming more sophisticated, with more than 430 million new variants last year.
Eva Valasquez, CEO of ITRC, said that 575 healthcare breaches since 2010 have exposed more than 142 million social security numbers, which is causing the rise in tax fraud.
"Advanced criminal groups now echo the skill sets of nation-state attackers," Symantec Security Response Director Kevin Haley said in a company press release. "They have extensive resources with a highly-skilled technical staff that operates with such efficiency they maintain normal business hours and even take the weekends and holidays off."
Haley added that more companies are not revealing important details after a breach - what he calls a "disturbing trend.” Transparency is key to security, he said. “By hiding the full impact of an attack, it becomes more difficult to assess the risk and improve your security posture to prevent future attacks.”