[BreachExchange] 2016 Reported Data Breaches Expose Over 4 Billion Records

[Audrey McNeil]

https://www.riskbasedsecurity.com/2017/01/2016-reported-
data-breaches-expose-over-4-billion-records/

Risk Based Security today announced the release of the annual Data Breach
QuickView report that shows 2016 broke the previous all-time high, set back
in 2013, for the number of records exposed from reported data breaches.
The 4,149 data breaches reported during 2016 exposed over 4.2 billion
records.

“There have been numerous sources discussing data breach statistics
recently, however, their reported numbers are either not accurate or
missing information when compared to our dataset. While the number of data
breaches actually remained relatively flat from last year, the big story
coming out of 2016 is obviously the massive increase in the number of
records exposed.” said Inga Goddijn, Risk Based Security’s Executive Vice
President.

Risk Based Security’s newly released 2016 Data Breach QuickView Report
shows that breaches taking place at FriendFinder Networks, Myspace and
Yahoo accounted for more than 2.2 billion records compromised.  In fact,
the rise of the mega breach trend continued as ninety-four (94) breaches in
2016 exposed one million or more records.  That being said, 50.4% of data
breaches reported only exposed between one and 10,000 records.

Only 18.3% of data breaches that occurred were actually the result of
insider activity, and Hacking continues to dominate as the leading breach
type, with SQL injection the predominant method utilized. Stolen laptops,
which were once a leading cause of data compromise, accounted for only 67
(1.6%) of breaches in 2016.

“Another ongoing issue continues to be misconfigured databases and other
inadvertent web based disclosures as they exposed over 253 million records
in 2016.  As criminals expand this same technique to additional technology
we expect more of this activity to come in 2017.” added Goddijn.

With 102 countries reporting at least one data breach in 2016, Risk Based
Security’s research suggests that no industry, organization size or
geographic location, is immune to a data breach. The total number of
reported breaches tracked by Risk Based Security has exceeded 23,700,
exposing over 9.2 billion records.

About the Data Breach QuickView Report

The Data Breach QuickView report is possible through the research conducted
by Risk Based Security. It is designed to provide an executive level
summary of the key findings from RBS’ analysis of 2016’s data breach
incidents. Contact Risk Based Security for your customized analysis of the
2016 data breaches.

You can get your copy of 2016 Data Breach QuickView report here:

https://pages.riskbasedsecurity.com/2016-ye-breach-quickview

About Risk Based Security

Risk Based Security (RBS) provides detailed information and analysis on
Data Breaches, Vendor Risk Ratings and Vulnerability Intelligence. Our
products, Cyber Risk Analytics (CRA) and VulnDB, provide organizations
access to the most comprehensive threat intelligence knowledge bases
available, including advanced search capabilities, access to raw data via
API, and email alerting to assist organizations in taking the right actions
in a timely manner.  In addition, our YourCISO offering provides
organizations with on-demand access to high quality security and
information risk management resources in one, easy to use web portal.

VulnDB is the most comprehensive and timely vulnerability intelligence
available and provides actionable information about the latest in security
vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API for easy
integration into GRC tools and ticketing systems. VulnDB allows
organizations to search on and be alerted to the latest vulnerabilities,
both in end-user software and the third-party libraries or dependencies
that help build applications. A subscription to VulnDB provides
organizations with simple to understand ratings and metrics on their
vendors and products, and how each contributes to the organization’s
risk-profile and cost of ownership.

Cyber Risk Analytics (CRA) provides actionable threat intelligence about
organizations that have had a data breach or leaked credentials. This
enables organizations to reduce exposure to the threats most likely to
impact them and their vendor base. In addition, our PreBreach vendor risk
rating, the result of a deep-view into the metrics driving cyber exposures,
are used to better understand the digital hygiene of an organization and
the likelihood of a future data breach. The integration of PreBreach
ratings into security processes, vendor management programs, cyber
insurance processes and risk management tools allows organizations to avoid
costly risk assessments, while enabling businesses to understand its risk
posture, act quickly and appropriately to proactively protect its most
critical information assets.

YourCISO provides organizations with on-demand access to high quality
security and information risk management resources in one, easy to use web
portal.  YourCISO provides organization ready access to a senior executives
and highly skilled technical security experts with a proven track record,
matched specifically to your needs. The YourCISO service is designed to be
an affordable long term solution for addressing information security
risks.  YourCISO brings together all the elements an organization needs to
develop, document and manage a comprehensive information security program.

For more information, please visit:

https://vulndb.cyberriskanalytics.com/

https://www.cyberriskanalytics.com/

https://www.yourciso.com/

or call 855-RBS-RISK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170125/347758ab/attachment.html>