Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET

Infographic: US Data Breaches in 2014

Throughout 2014, news of electronic data theft was rarely out of the mainstream headlines in the United States. Target, Home Depot, Kmart, Sony, and and more made headlines. The nature of attacks and attackers has changed. Gone, mostly, are the days of some teenager stretching their hacker wings from their parent’s basement, and now we’re in the days of well-funded professional thieves, government-sponsored espionage, and hacktivism.

A group called 27001 Academy posted an infographic not long ago that summarizes the nature and quantity of data breaches in the United States throughout last year. The United States is a small percentage of the world’s population, but we can probably use the presented statistics as a sample for what happened in the rest of the world.

US Data Breaches in 2014
2014 Data Breaches in the United States Infographic – created by 27001Academy

Year on Year Growth

2014 was a good year for digital thieves. According to 27001 Academy, there was a 27.5% increase in data breaches in the United States, up from 616 incidents to 783. We cannot expect these figures to start a permanent slide for quite some time. There is just too much potential profit to be made by criminal organizations, and sadly in my opinion, some organizations are criminally negligent with updating and protecting their systems and applications.

On a positive note, the number of reported data breaches was down by 7.1% from 91,982,172 breached data records to 85,611,528. I don’t think we can jump for joy with this news. Control was lost over some 85 million individual data records, potentially affecting 85 million people in the USA and abroad.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

There was a pretty uniform distribution attacks across 2014 with an average of 60.99 incidents per month with one exception; January had an 85% higher than normal rate of incidents. I am not aware of any reason for this spike; maybe it was a hangover from the Target breach in late 2013, which happened in November to December 2013 but made news in January 2014.

Affected Industries

There is good news for those working in education; the number of attacks only rose from 54 to 57. Government and military sites are obvious targets for espionage and hacktivism, or maybe it is a coincidence that the Chinese Shenyang J-31 stealth fighter bears a striking resemblance to the American-made F-35.

The medical industry saw an increase from 271 to 333 incidents. Why would anyone want my medical records? I doubt they want to see anyone’s dental records or prescriptions, but social security numbers and payment details are usually stored in medical databases and have a significant value. It is estimated that the cost to the US healthcare industry might be as much as $5.6 billion.

Banks, those companies that often insist on using Java apps to access their services, have also seen a 26% rise in incidents since 2013.

The business category, which is just ordinary organizations, saw a significant rise from 195 to 258 attacks. Most of us don’t think that we have state secrets to hide. But obviously we have information of value. Think about it; how do your employers take payments and bank profits? But there are less obvious prizes too, like gateways into partner companies. It is rumored that an attack on RSA led to 70+ such attacks a few years ago.

Security is a Moving Target

The old days of install antivirus, approve your updates, and install a firewall are long since past. Security is a full-time profession. Zero-day attacks are crippling businesses. Legacy active scanning anti-malware cannot keep up with the escalating rate of threat releases. Organizations need to implement real, layered, multi-vendor and multi-dimensional defenses, accompanied by genuine director-level support, employee education, and enforcement.

Actually, that advice was valid years ago. In the real world, we know these sorts of polices are often announced but don’t really happen. Attacks are growing in frequency, targeting small-to-medium businesses, government, and large enterprises. The data contained in this infographic provide the evidence that we need to learn how to continually evolve and improve our defenses against this agile and very motivated attackers.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.

Live on Tuesday, September 28th, at 9:30 AM ET!

GET-IT: EndPoint Management 1-Day Virtual Conference

The management of endpoints is complicated and the risks associated with having unsecured devices roaming outside the firewall are quickly becoming a targeted vector for malicious users. In this Petri one-day virtual conference, we will be diving deep into how you can improve the way you manage your endpoints and learn from industry experts and MVPs about best practices, available tools to streamline your operations, and what's coming soon with Windows 11.


Sponsored By

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: