-- In addition to nine “mega-breaches” of personal data in 2015, tens of millions of personal records were likely exposed or stolen by cyber criminals the same year but went unreported because the companies or entities involved chose to keep the size of the breach a secret, according to a new cyber security report.
“Transparency is critical to security,” Symantec Security Response Director Kevin Haley said in a written statement. “By hiding the full impact of an attack, it becomes more difficult to assess the risk and improve your security posture to prevent future attacks.”
The Symantec report, released today, also revealed a shocking increase in the sophistication of cyber-criminal groups. For instance, the firm said it could identify an unprecedented 54 so-called “zero-day” exploits discovered in 2015 – more than in the last two years combined. Zero-days, which are weaknesses in a program, system or device that have never been seen before, can be incredibly valuable on the cyber-black market. At least four such zero-day exploits were reportedly used in the cyber-attack on an Iranian nuclear facility a few years ago.
“Given the value of these vulnerabilities, it’s not surprising that a market has evolved to meet demand,” the report says. “In fact, at the rate that zero-day vulnerabilities are being discovered, they may become a commodity product.”
Samir Kapuria, Senior Vice President and General Manager at Symantec’s Cyber Security Services, told ABC News that the research shows cyber-crime has moved on from its “start-up phase.”
“As a growth business, these guys have figured out how to make money,” Kapuria said.