The IBM X-Force Treat Intelligence Index 2017 report leaves the impression hackers are cutting through security like a hot knife through butter:
With Internet-shattering distributed-denial-of-service (DDoS) attacks, troves of records leaked through data breaches, and a renewed focus by organized cybercrime on business targets, 2016 was a defining year for security. Indeed, in 2016 more than 4 billion records were leaked, more than the combined total from the two previous years, redefining the meaning of the term “mega breach.” In one case, a single source leaked more than 1.5 billion records.1 (page 3)
The report helpfully defines terms at page 3 and in the glossary (page 29) but never defines “record.”
The 4 billion records “fact” will appear in security blogs, Twitter, business zines, mainstream media, all without asking: “What is a record?”
Here are some things that could be records:
- account, username, password
- medical record (1 or more pages)
- financial record (1 or more pages)
- CIA document (1 or more pages)
- Tax records (1 or more pages)
- Offshore bank data (spreadsheet, 1 or more pages
- Presentations (PPT, 1 or more pages)
- Accounting records (1 or more pages)
- Emails (1 or more pages)
- Photos, nude or otherwise
IBM’s “…4 billion records were leaked…,” is a marketing statement for IBM security services. Not a statement of fact.
Don’t make your readers dumber by repeating IBM marketing slogans without critical comments.
PS: I haven’t checked the other “facts” claimed in this document. The failure to define “record” was enough to discourage further reading.