Risk Based Security released their 2014 data breach report (available here) with some impressive numbers. I am just going to highlight a few; read the report if you would like more details.
- 3,014 data breach incidents (up 28.5%)
- 1.1 Billion records breached (up 22.3%)
- 72.5% of the incidents released less than 10,000 records
- 55.3% of the incidents released less than 1,000 records
- 83.3% were lost due to traditional hacking, with fraud and social engineering making up another 14.3%, so the breaches are overwhelmingly malicious (out for the money).
- There were 5 incidents in the all time 10 worst list
To have breaches go up by around 25% year over year is not a good sign. That 55% of the breaches released less than a thousand records and 72% released less than 10,000 records supports other statistics that small and medium businesses are the targets of hackers. This supports the First Data numbers of 70% of the breaches are against small and medium businesses.
That there were 5 breaches that made the all time top 10 list is unfortunate and they include several you probably have never heard about (the NYC taxi commission lost 173 taxi trip records).
The message is that just because you are not Home Depot or Sony, it doesn’t mean the hackers are not coming after you.