2017: The Year of the Data Breach


According to the Chinese zodiac, 2017 is the Year of the Rooster. However, for cybersecurity professionals, it might as well be the year of the data breach. High-profile revelations about data breaches at Equifax Inc., Yahoo Inc., and Uber Technologies Inc. have dominated headlines, propelling cybersecurity-related issues to the top of concerns for businesses and consumers alike. 

According to the latest report by nonprofit organization Identity Theft Resource Center (ITRC), as of Dec. 13 there have been a record-setting 1,253 publicly reported data breaches in 2017. Previously, 2016 reigned as the most data breach-prone year on record, with 1,093 data breaches. According to the ITRC, commercial businesses accounted for more than 50 percent of data breach targets, and more than 157 million compromised records. Following commercial businesses, medical and health-care entities were targeted in 28.3 percent of data breaches, the report said.

In addition to record-setting numbers of data breaches, new malware hit an all-time high this year. According to McAfee Labs Threat Report for December 2017, there were a record 57.6 million new malware samples in the third quarter of 2017, a 10-percent increase from the second quarter. Among different types of malware, there was a 36-percent increase in new ransomware in the third quarter. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid using cryptocurrency, such as bitcoin.

Ransomware took the world by storm in 2017, first with the WannaCry attack in May and then the Petya attack in June. The worldwide ransomware attacks targeted a wide range of entities, including banks, hospitals, and commercial businesses, showing that cybercriminals do not discriminate among targets. 

In a recent International Association of Privacy Professional webinar, sponsored by Bloomberg Law, cybersecurity attorneys said that in general, cybercriminals target companies and institutions that will pay the ransom. The average payout of a ransomware attack in 2017 is $554, they said. The relatively low ransom figure was due to the fact that cybercriminals want to make ransomware attacks a recurring business model, according to the webinar panelists. Financial services and health-care companies are most commonly targeted, but no industry is immune, they said.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.