Global Orgs See 82K Cyber Incidents in 2016

2016 saw approximately 82,000 cyber incidents that negatively impacted businesses and organizations around the globe, or more than 225 organizations affected per day. The number is higher when accounting for unreported incidents.

That’s the word from the Online Trust Alliance (OTA) 9th annual Cyber Incident & Breach Response Guide. Released in recognition of Data Privacy & Protection Day on Jan. 28, the guide shows that an average of 225 organizations were impacted worldwide every day, more than 20 times the rate of the consumer data breaches reported for 2016.

According to OTA, cyber incidents involve business interruption from ransomware, stealing of funds via business email compromise (BEC), distributed denial of service attacks (DDoS), and takeover of critical infrastructure and physical systems.

Examples include attacks on the Democratic National Committee, which focused on unearthing political data and campaign intelligence for reputational harm; the breaching of the World Anti-Doping Agency database, which resulted in the public disclosure of confidential medical data of world-class athletes; ransomware, which resulted in the Hollywood Presbyterian Medical Center being taken offline for weeks; and BEC, which successfully extracted millions of dollars in unauthorized bank transfers.

“The high-profile cyber incidents of 2016 have taught us that financial loss is only one of many other potential dangers of cybercrime,” said Craig Spiezle, executive director and president of OTA. “Organizations are susceptible to security threats, reputation damage and much more. It is essential for all organizations to plan ahead and secure technologies, processes and procedures to help prevent, detect, remediate and respond to the impact of a cyber incident.”

OTA came to its conclusions by tracking and analyzing threat intelligence data from multiple sources, including from the Anti-Phishing Working Group (APWG), the FBI, the Global Cyber Alliance, Infoblox, Interpol, Malwarebytes, Microsoft, Risk Based Security, Security Scorecard, Symantec, the US Secret Service and Verisign.

OTA also determined that more than 90% of all cyber incidents in 2016 could have been easily prevented. As outlined in OTA’s Guide, the best defense is a three-step strategy: Implement a broad set of operational and technical best practices that help maximize the protection of customer and company data; be prepared with an incident response plan that allows the company to respond with immediacy, while ensuring maximal business continuity; and understand that human factors play a critical role in how strong or weak an organization’s security defenses are, how they respond and most importantly how their actions are judged.

“Establishing safeguards upfront and being prepared to react strategically to cyber incidents are critical components of any healthy and sustainable enterprise,” said Johan Roets, CEO of Identity Guard. “Following OTA’s advice, as outlined in this guide, is an essential first step in protecting data and helping to decrease data loss incidents.”
