Almost 1.4b data records compromised in 2016, 44 per second, Gemalto says

Digital security firm Gemalto asks, "Do you know where your data is?", revealing 1792 disclosed data breaches in 2016 led to almost 1.4 billion data records being compromised.

Gemalto further says cyber criminals are casting their eyes further afield than traditional, historical financial attacks. The "easy money" for hackers and crackers is coming less from banks, and more from ransomware and identity theft. In fact, identity theft accounted for 59% of all data breaches in 2016, up 5% from 2015.

"The Breach Level Index highlights four major cyber criminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large databases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then holding it for ransom and decrypting it once they are paid," said Graeme Pyper, regional director, Australia and New Zealand at Gemalto.

This data comes from Gemalto's 2016 Breach Level Index, released last week. The 1.4 billion number is an increase of 86% compared to 2015. About 52% of the data breaches in 2016 did not initially disclose the number of compromised records at the time they were announced. Some industries, such as healthcare, have still not disclosed the number of affected records. In fact, 940 of the 1792 breaches have a publicly unknown amount of data involved.

Gemalto's Breach Level Index is a global database that benchmarks publicly disclosed data breaches including the number of compromised records, type of data, severity, how it was used and whether or not it was encrypted.

Gemalto states more than seven billion records have been exposed since 2013 when the index was started. This comes to over three million records compromised daily, or 44 records a second.

By far, the number one breach was Adult Friend Finder, hit by an account access data breach by a malicious outsider, exposing more than 400 million records. Coming in second was an identity theft attack by a malicious outsider on the Philippines' Commission on Elections with 77.7 million records stolen, including fingerprints.

In the 2016 index, Gemalto includes 145 reported incidents across APAC, with 44 in Australia alone. As this is self-disclosed data, Gemalto notes this is only "the tip of the iceberg" as mandatory data breach reporting legislation comes into effect.

Account access-based breaches have decreased since 2015, down by 3%, but with a far greater impact, making up 54% of all breached records, which is an increase of 336%. Gemalto notes this highlights the cyber criminal trend away from financial data to bigger databases that contain larger volumes of personally identifying information.

By far the largest target for data breaches was healthcare, accounting for 28% of all data breaches, up 11% from 2015. However, the number of compromised data records has decreased by 75% from the previous year. Financial services companies accounted for 12% of data breaches, down 23% from 2015.

A big takeaway for IT managers from Gemalto's research is that only 4.2% of the total number of breach incidents involved data that had been encrypted in part or in full. Of the 1.4 billion records compromised, only 6% were encrypted partially or in full.

While this represents an increase from 2015's 4% of incidents and 2% of encrypted records, it is still a tiny number. Pyper notes that an organisation's security efforts cannot simply rest at the perimeter, but must also have a means of making data useless should an unauthorised person get hold of it.

"Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations. Encryption and authentication are no longer ‘best practices’ but necessities. This is especially true with new and updated government mandates like the upcoming changes to Australia’s mandatory data breach notifications. But it’s also about protecting your business’ data integrity, so the right decisions can be made based on accurate information, therefore protecting your reputation and your profits," he said.

In fact, in this modern day of pervasive cloud technology there is almost no perimeter anymore. Thus, the Breach Level Index truly highlights to IT departments the seriousness of protecting data. Encrypting data to make it useless to attackers is paramount. Similarly, containing the places where data can go and limiting access to data are also important strategies. Gemalto refers to this as protecting data at "rest and in motion".


David M Williams

David has been computing since 1984, when he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

 
