Compared to the first half of 2014, data breaches increased by 10% while the number of compromised data records declined by 41% during the first six months of this year. This decline in compromised records can most likely be attributed to that fact that fewer large scale mega breaches have occurred in the retail industry compared to the same period last year, the company said.
Despite the decrease in the number of compromised records, large data breaches continued to expose massive amounts of personal information and identities. Notable breaches during this period included a 50-million-record breach at Turkey’s General Directorate of Population and Citizenship Affairs (BLI: 9.3). The top 10 breaches accounted for 81.4% of all compromised records, Gemalto said.
“What we’re continuing to see is a large ROI for hackers with sophisticated attacks that expose massive amounts of data records. Cyber criminals are still getting away with big and very valuable data sets. For instance, the average healthcare data breach in the first half of 2015 netted more than 450,000 data records, which is an increase of 200% compared to the same time last year,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.
Identity theft remained the primary type of breach, accounting for 75% of all records compromised and slightly more than half (53%) of data breaches in the first half of 2015. Five of the top ten breaches, including the top three – which were all classified as 'Catastrophic' on the BLI – were identity theft breaches, down from seven of the top 10 from the same period last year.
Across industries, the government and healthcare sectors accounted for about two-thirds of compromised data records (31% and 34% respectively), though healthcare only accounted for 21% of breaches this year, down from 29% compared to the same period last year. The retail sector saw a significant drop in the number of stolen data records, accounting for 4% compared to 38% for the same period last year.
 |
| Source: Gemalto infographic. |
Across regions, the US represented the largest share with three-quarters (76%) of data breaches and nearly half of all compromised records (49%). Turkey accounted for 26% of compromised records. Asia Pacific accounted for 63 of the incidents, mostly from Australia, while 14 incidents occurred in the Middle East.
The level of encryption used to protect exposed data – which can dramatically reduce the impact of data breaches – increased slightly to 4% of all breaches compared with 1% in H1 2014.
“While the number of data breaches fluctuates, it’s still clear that breaches are not a matter of ‘if’ but ‘when.’ The Breach Level Index data shows that most companies are not able to protect their data once their perimeter defences are compromised. Although more companies are encrypting data, they are not doing it at the levels needed to reduce the magnitude of these attacks,” added Hart.
The level of encryption used to protect exposed data – which can dramatically reduce the impact of data breaches – increased slightly to 4% of all breaches compared with 1% in H1 2014.
“While the number of data breaches fluctuates, it’s still clear that breaches are not a matter of ‘if’ but ‘when.’ The Breach Level Index data shows that most companies are not able to protect their data once their perimeter defences are compromised. Although more companies are encrypting data, they are not doing it at the levels needed to reduce the magnitude of these attacks,” added Hart.
"What is needed is a data-centric view of digital threats starting with better identity and access control techniques including multi-factor authentication and strong encryption to render sensitive information useless to thieves.”
According to Forrester, as cybercriminals have become more skillful and sophisticated, they have eroded the effectiveness of traditional perimeter-based security controls. The constantly mutating threat landscape requires new defensive measures, one of which is the pervasive use of data encryption technologies.
According to Forrester, as cybercriminals have become more skillful and sophisticated, they have eroded the effectiveness of traditional perimeter-based security controls. The constantly mutating threat landscape requires new defensive measures, one of which is the pervasive use of data encryption technologies.
In the future, organisations will encrypt data — both in motion and at rest — by default. This data-centric approach to security is a much more effective way to keep up with determined cybercriminals. By encrypting, and thereby devaluing, sensitive data, organisations can make cybercriminals bypass their networks and look for less robustly protected targets. Encryption will become a strategic cornerstone for security and risk executives responsible for their organisation’s data security and privacy efforts**.
*The Breach Level Index provides a centralised, global database of data breaches and calculates their severity based on multiple dimensions, including the type of data and the number of records stolen, the source of the breach, and whether or not the data was encrypted. By assigning a severity score to each breach, the BLI provides a comparative list of breaches, distinguishing nuisances from truly impactful mega breaches. Information populating the BLI database is based on publicly-available breach disclosure information.
**Forrester Research, Kill Your Data to Protect It From Cybercriminals, July 12, 2012
No comments:
Post a Comment