Story image

Gemalto's Breach Level Index: "1.4 billion compromised data records"

03 Apr 17

Gemalto released the results of its Breach Level Index last week, proving once again that data breaches across the world continue to increase in scale and severity.

Overall, APAC accounted for 8% of all breach incidents. The survey found that the top three APAC countries with the most incidents included Australia with 44 breach incidents, India had 24 incidents; New Zealand had 16.

Cambodia, Samoa and Vietnam fared best, each with only one breach. According to Gemalto, the low rates aren’t necessarily good news, as many breaches may have been unreported due to a lack of cybersecurity disclosure laws.

Meanwhile, the United States had 1348 incidents, accounting for 80% of all data breaches.

According to the survey, the total 1792 breaches led to 1.4 billion compromised data records last year - an 86% increase compared to 2015.

Since 2013, more than 7 billion data records have been compromised - equal to 3 million every day or around 44 records every second, Gemalto states.

Identity theft was top of the breach list (59% of data breaches) a 5% increase since 2015. Account access breaches accounted for 54%. The ‘nuisance’ category accounted for 18% of breached records - a 102% increase.

“The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets,” comments Jason Hart, Gemalto’s VP and CTO for Data Protection.

52% of data breaches on organisations last year didn’t mention how many records were compromised when the breach happened.

Gemalto believes that malicious outsiders accounted for 68% of breach attacks. Hacktivist breaches accounted for 3% of breaches, but increased by 31%.

“Clearly, fraudsters are also shifting from attacks targeted at financial organizations to infiltrating large data bases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid,” Hart says.

While the healthcare industry was the biggest area for breaches (28%), the number of records exposed in those breaches has dropped 75% since 2015. Government experienced 15% of breaches but the number of compromised records jumped 27% from 2015. 

Financial services experienced 12% of breaches, followed by the tech sector (11%) and ‘other’ (13%).The ‘other’ category comprised mainly social media and entertainment industry breaches.

Gemalto states that 4.2% of breaches has involved encrypted data, compared to 4% in 2015. 

"Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations. Encryption and authentication are no longer ‘best practices’ but necessities,” Hart continues.

This is especially true with new and updated government mandates like the upcoming General Data Protection Regulation (GDPR) in Europe, U.S state-based and APAC country-based breach disclosure laws. But it’s also about protecting your business’ data integrity, so the right decisions can be made based on accurate information, therefore protecting your reputation and your profits.”

The most notable breaches included the AdultFriend Finder, Fling, the Philippines Commission on Elections, 17 Media and DailyMotion. The Breach Level Index did not include the major Yahoo data breaches since they occurred in 2013 and 2014.

What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
Kiwis losing $24.7mil to scam calls every year
The losses are almost five times higher compared to the same period last year, from reported losses alone.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
"Is this for real?" The reality of fraud against New Zealanders
Is this for real? More often than not these days it can be hard to tell, and it’s okay to be a bit suspicious, especially when it comes to fraud.