According to the Online Trust Alliance´s “Cyber Incident & Breach Trends Report”, 2017 was the “worst year ever” for cybersecurity incidents. The organization estimates that, based on the number of reported breaches, there were nearly double the number of cybersecurity incidents than in 2016.
The Online Trust Alliance´s “Cyber Incident & Breach Trends Report” is more than a review of the previous year´s cybersecurity incidents. The organization investigates how the incidents occurred in order to identify trends, and what could have been done to prevent the incidents so that businesses can implement appropriate measures to defend against future incidents.
The organization admits that the report´s headline figure of 159,700 cybersecurity incidents is a guesstimate based on the number of incidents reported during the third quarter of 2017. As the report states, many incidents are not reported, and the true figure could be much higher. However, using the same criteria, the organization guesstimated the number of cybersecurity incidents in 2016 at 82,000 – implying that the number nearly doubled in 2017.
Trends in Cybersecurity Incidents
The trends in cybersecurity incidents identified by the Online Trust Alliance will not surprise frequent visitors to HIPAA Journal. Ransomware attacks saw the biggest increase in numbers, but another type of ransom-based attack – the Ransom Denial-of-Service (RDoS) attack – was also identified as becoming more popular among cybercriminals. In this form of attack, cybercriminals threaten a Distributed Denial-of-Service (DDoS) attack unless a ransom is paid in advance.
The organization also commented on the new threats generated by the growth in IoT devices, and on an 85% increase in malicious email. The increase in malicious email included a 90% increase in business-targeted ransomware and a rise in the number of BEC attacks. It was calculated that there had been a four-fold increase in the number of records breached in 2017, and an estimated loss to US companies of $1.6 billion due to BEC attacks reported to the FBI (since 2015).
Key Avoidable Causes of Incidents
The report´s authors claim that 93% of breaches could have been avoided with proper preparedness and due diligence. The key avoidable causes of incidents were the failure to regularly patch software vulnerabilities and implement appropriate controls to prevent insider theft or the accidental exposure of confidential data. As the majority of successful ransomware attacks are initiated by malicious emails, the report suggests not enough is being done to block spam and train users to recognize phishing attacks.
Other areas identified as being avoidable causes of cybersecurity incidents included:
- The lack of a thorough risk assessment to include internal and external partners, and third-party or cloud-based services.
- Misconfigured servers and devices, and out-of-date operating systems and applications that were no longer supported.
- The failure to encrypt data and safely manage encryption keys. The lack of encryption led to a loss of data when devices and drives were lost, stolen or hacked.
Conclusions from the Cyber Incident and Breach Trends Report
The “Cyber Incident & Breach Trends Report” does not include much information that most healthcare IT experts are not already aware of. However, it does act as a good summary of the best practices businesses should adopt to mitigate the risk of cybersecurity incidents. One particularly valid point made in the report is that “security and privacy are not absolute and must evolve”. Businesses are recommended to regularly review their procedures for creating, maintaining and transmitting data, especially in light of evolving threats, changing technologies and new regulations.