Cyber Attackers Stole More Than 61M Customer Records in 2014

New data from IBM (IBM) showed that despite a decline in cyber attack incidents against U.S. retailers, the number of customer records stolen during cyber attacks remained near record highs in 2014.

IBM reported that cyber attackers secured more than 61 million retail customer records in 2014, down from almost 73 million in 2013.

When IBM narrowed its data down to only incidents involving less than 10 million customer records (which excludes the top two attacks over this timeframe, Target Corporation and The Home Depot), the number of records compromised last year increased by more than 43 percent over 2013. IBM said that cyber criminals have become more sophisticated in reaching customer records.

“The threat from organized cyber crime rings remains the largest security challenge for retailers,” IBM Security Services General Manager Kris Lovejoy said in a prepared statement. “It is imperative that security leaders and chief information security officers (CISOs) in particular use their growing influence to ensure they have the right people, processes and technology in place to take on these growing threats.”

Other IBM findings included:

  • There has been a 50 percent decrease in the number of retail data breaches since 2012.
  • The retail and wholesale industries were the top industry targets for cyber attackers in 2014.
  • The majority of cyber attacks against retailers involved command injection or SQL injection. Additional attack methods included Shellshock as well as point-of-sale (POS) malware such as BlackPOS, Dexter, vSkimmer, Alina and Citadel.
  • There were 3,043 daily cyber attacks in the two-week period around Black Friday and Cyber Monday (from Nov. 24 to Dec. 5), which was nearly one-third less than the average number of cyber attacks during this period in 2013.

IBM said the data for the number of records compromised and data breaches disclosed was analyzed by its security experts.

Technology is key for organizations to combat cyber threats

IBM’s third annual Chief Information Security Officer (CISO) study, released last month, showed that many organizations view technology as a critical part of their IT security plans, and as a result, these organizations are prioritizing big data, cloud and mobile tools to eliminate cyber threats.

External threats are creating new IT security challenges for enterprise leaders as well, according to IBM, and the majority of organizations are evaluating data leakage prevention, cloud security and mobile/device security solutions to eliminate these problems.

“Security leaders must now use this growing influence to deliver better results: prioritizing the protection of critical assets, focusing investments on intelligence and recruiting top industry talent to augment internal efforts,” IBM Security Systems General Manager Brendan Hannigan said in a prepared statement.