Earlier this month, IBM released a report indicating cyber-attacks during the 2014 holiday shopping season were down dramatically. Headlines like “Number of cyber-attacks on retailers drop by half” and “IBM: Cyber Attacks, Victims Drop in 2014” on Jan. 5, when IBM released its report, offer hope — giving the impression that we may have turned a positive corner with regard to our data security and the threat of future cyber-attacks.
But this seemingly good news may be more like a wolf in sheep’s clothing.
Why? It has to do with timing. The Target data breach, for example, happened in 2013 and equated to the breach of about 12 million people’s information—a substantial attack, and one of the largest in the nation’s history. Then there was the Home Depot breach—which was the largest data breach in our history, affecting possibly more than 40 million individuals. It also happened in 2013. When you take Target and Home Depot out of the scenario, the picture is far more grim.
While the IBM research and intelligence report says cyber-attacks dropped by 50 percent since 2012, it also showed that hackers stole upwards of 61 million records from retailers in 2014. That’s a 43 percent increase over 2013, if the Home Depot and Target breaches are not considered.
Additionally, the IBM report takes into account only “reported” incidents of data breaches. It’s possible—even likely—that there are more data breaches that occurred during the 2014 holiday shopping season than retailers have disclosed publicly. That’s either because those retailers don’t yet know that their systems have been compromised or they know but have yet to report it to the appropriate officials, or they have reported the breaches to authorities, but have not made those reports public.
The increase in records stolen and the decrease in actual attacks may also indicate the rising sophistication level of cyber attackers. As the numbers indicate, hackers appear to be more targeted in their attacks—obtaining larger quantities of valuable data in fewer hacks.
On its face, the findings in the study initially sound promising. But once you look at the numbers and consider the facts, data breaches are more of a threat than ever, and not just to retailers. Companies must continue to make cyber security a top priority in 2015 and beyond.