
Gemalto's Breach Level Index: "1.4 billion compromised data records"

03 Apr 2017

Gemalto released the results of its Breach Level Index last week, proving once again that data breaches across the world continue to increase in scale and severity.

Overall, APAC accounted for 8% of all breach incidents. The survey found that the three APAC countries with the most incidents were Australia with 44 breach incidents, India with 24 and New Zealand with 16.

Cambodia, Samoa and Vietnam fared best, each with only one breach. According to Gemalto, the low rates aren’t necessarily good news, as many breaches may have been unreported due to a lack of cybersecurity disclosure laws.

Meanwhile, the United States had 1348 incidents, accounting for 80% of all data breaches.

According to the survey, the total of 1792 breaches led to 1.4 billion compromised data records last year - an 86% increase compared to 2015.

Since 2013, more than 7 billion data records have been compromised - equal to 3 million every day or around 44 records every second, Gemalto states.

Identity theft was top of the breach list (59% of data breaches), a 5% increase since 2015. Account access breaches accounted for 54%. The ‘nuisance’ category accounted for 18% of breached records - a 102% increase.

“The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets,” comments Jason Hart, Gemalto’s VP and CTO for Data Protection.

In 52% of data breaches on organisations last year, the number of compromised records was not disclosed when the breach happened.

Gemalto believes that malicious outsiders accounted for 68% of breach attacks. Hacktivist breaches accounted for 3% of breaches, but increased by 31%.

“Clearly, fraudsters are also shifting from attacks targeted at financial organizations to infiltrating large databases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid,” Hart says.

While the healthcare industry was the biggest area for breaches (28%), the number of records exposed in those breaches has dropped 75% since 2015. Government experienced 15% of breaches but the number of compromised records jumped 27% from 2015.

Financial services experienced 12% of breaches, followed by the tech sector (11%) and ‘other’ (13%). The ‘other’ category comprised mainly social media and entertainment industry breaches.

Gemalto states that 4.2% of breaches involved encrypted data, compared to 4% in 2015.

“Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations. Encryption and authentication are no longer ‘best practices’ but necessities,” Hart continues.

“This is especially true with new and updated government mandates like the upcoming General Data Protection Regulation (GDPR) in Europe, U.S. state-based and APAC country-based breach disclosure laws. But it’s also about protecting your business’ data integrity, so the right decisions can be made based on accurate information, therefore protecting your reputation and your profits.”

The most notable breaches included AdultFriend Finder, Fling, the Philippines Commission on Elections, 17 Media and DailyMotion. The Breach Level Index did not include the major Yahoo data breaches since they occurred in 2013 and 2014.
