A new report shows the United States led the world in data breaches last year by a large margin.
The report, from Risk Based Security, found that there were 4,149 data breaches reported during 2016, which exposed over 4.2 billion records. And nearly half, 47.5%, of announced data breaches in 2016 that exposed user data—and 68.2% of breached records—came from the US.
But lest one think that the US is more dangerous than elsewhere, Philip Lieberman, president of Los Angeles-based Lieberman Software, said to take the stats with a grain of salt.
“The conclusion one might take away from the report on breaches in the USA was that the USA was behind the rest of the world,” he said via email. “In reality, the rest of the world is getting breached more thoroughly than the USA. The lack of security maturity outside the USA contributes the near complete lack of visibility into their intrusions and virtually complete and invisible compromise for an indefinite period of time.”
He added, “As a security vendor we track our sales within and outside the USA and it is clear from our numbers and our peers, that sales of security solutions outside the USA are minimal, and given these countries don’t have any special secret sauce to protect them, leads us to conclude that total compromise is the normal situation of most companies and governments outside the USA. USA security is generally better than anywhere else due to investment, training and expertise.”
Others think the numbers paint an accurate picture.
“Three significant factors influence these results. First, a massive number of the hackers that attack US targets are based in Russia and coordinate attacks on the US with involvement of the State, while the US does not do the same,” said John Gunn, VP of communications, VASCO Data Security, via email. “Second, some of the highest value assets are here in the US, so of course we are the subject of a magnitude greater number of attacks, some of which are successful. Third, it is likely that the reporting of successful attacks in some of the countries, such as Russia, is not accurate.”
Dániel Bagó, product marketing manager at Balabit, told us that fresh technology could turn the tide.
"The largest portions of most IT budgets are spent on technologies that keep the bad guys out, but these don’t address targeted attacks or APT's where the bad guys have already made it inside,” he said. “IT security teams need to be able to detect when an intruder is misusing a legitimate privileged users' account.”
He added, “AI and machine learning based security technology advances have matured greatly—enough to automate many manual processes and save time and costs, enabling security teams to focus on their real and most critical problems—chief of which is detecting when they are really hacked."