
Almost 1.4b data records compromised in 2016, 44 per second, Gemalto says

Digital security firm Gemalto asks, "Do you know where your data is?", revealing that 1792 disclosed data breaches in 2016 led to almost 1.4 billion data records being compromised.

Gemalto further says cyber criminals are casting their eyes further afield than traditional, historical financial attacks. The "easy money" for hackers and crackers is coming less from banks, and more from ransomware and identity theft. In fact, identity theft accounted for 59% of all data breaches in 2016, up 5% from 2015.

"The Breach Level Index highlights four major cyber criminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large databases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then holding it for ransom and decrypting it once they are paid," said Graeme Pyper, regional director, Australia and New Zealand at Gemalto.

This data comes from Gemalto's 2016 Breach Level Index, released last week. The 1.4 billion number is an increase of 86% compared to 2015. About 52% of the data breaches in 2016 did not initially disclose the number of compromised records at the time they were announced. Some industries, such as healthcare, have still not disclosed the number of affected records. In fact, 940 of the 1792 breaches have a publicly unknown amount of data involved.

Gemalto's Breach Level Index is a global database that benchmarks publicly disclosed data breaches including the number of compromised records, type of data, severity, how it was used and whether or not it was encrypted.

Gemalto states more than seven billion records have been exposed since 2013 when the index was started. This comes to over three million records compromised daily, or 44 records a second.

By far, the number one breach was Adult Friend Finder, hit by an account access data breach by a malicious outsider, exposing more than 400 million records. Coming in second was an identity theft attack by a malicious outsider on the Philippines' Commission on Elections with 77.7 million records stolen, including fingerprints.

In the 2016 index, Gemalto includes 145 reported incidents across APAC, with 44 in Australia alone. As this is self-disclosed data, Gemalto notes this is only "the tip of the iceberg" as mandatory data breach reporting legislation comes into effect.

Account access based breaches decreased by 3% since 2015, though with a far greater impact: they made up 54% of all breached records, an increase of 336%. Gemalto notes this highlights the cyber criminal trend away from financial data to bigger databases that contain larger volumes of personally identifying information.

By far the largest target for data breaches was healthcare, accounting for 28% of all data breaches, up 11% from 2015. However, the number of compromised data records has decreased by 75% from the previous year. Financial services companies accounted for 12% of data breaches, down 23% from 2015.

A big takeaway for IT managers from Gemalto's research is that only 4.2% of the total number of breach incidents involved data that had been encrypted in part or in full. Of the 1.4 billion records compromised, only 6% were encrypted partially or in full.

While this represents an increase from 2015's 4% of incidents and 2% of encrypted records, it is still a trifling number. Pyper notes that an organisation's security efforts cannot simply rest at the perimeter; the organisation must also have a means of making data useless should an unauthorised person get hold of it.

"Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations. Encryption and authentication are no longer ‘best practices’ but necessities. This is especially true with new and updated government mandates like the upcoming changes to Australia’s mandatory data breach notifications. But it’s also about protecting your business’ data integrity, so the right decisions can be made based on accurate information, therefore protecting your reputation and your profits," he said.

In fact, in this modern day of pervasive cloud technology there is almost no perimeter anymore. Thus, the Breach Level Index truly highlights to IT departments the seriousness of protecting data. Encrypting data to make it useless to attackers is paramount. Similarly, containing the places where data can go and limiting access to data are also important strategies. Gemalto refers to this as protecting data at "rest and in motion".




David M Williams


David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. Within two years, he returned to his alma mater, the University of Newcastle, as a UNIX systems manager. This was a crucial time for UNIX at the University with the advent of the World-Wide-Web and the decline of VMS. David moved on to a brief stint in consulting, before returning to the University as IT Manager in 1998. In 2001, he joined an international software company as Asia-Pacific troubleshooter, specialising in AIX, HP/UX, Solaris and database systems. Settling down in Newcastle, David then found niche roles delivering hard-core tech to the recruitment industry and presently is the Chief Information Officer for a national resources company where he particularly specialises in mergers and acquisitions and enterprise applications.