Report: 59% of Compromised Identities Came from Retail Breaches in 2014
April 27, 2015
The total number of security breaches skyrocketed in 2014 compared to 2013, although the number of identities exposed per breach fell, according to the Internet Security Threat Report from California-based security software provider Symantec. In 2013 there were eight breaches in which more than 10 million identities were exposed compared to only 4 in 2014. Retail was disproportionately affected, however, with 59 percent of the total identities compromised (more than 200 million individuals) coming from retail security breaches. By number of incidents, the healthcare industry took the brunt of the punishment, accounting for 116 breaches compared to 34 in retail. And, the report said, hackers are employing shifting tactics to gain entry.
“Attackers don’t need to break down the door to a company’s network when the keys are readily available,” said Kevin Haley, director of Symantec Security Response. “We’re seeing attackers trick companies into infecting themselves by Trojanizing software updates to common programs and patiently waiting for their targets to download them—giving attackers unfettered access to the corporate network.”
The company had several recommendations for businesses trying to protect themselves: Use advanced threat intelligence solutions, implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies, and prepare for the worst by practicing incident management.