SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Gemalto's Breach Level Index: '1.4 billion compromised data records'
Mon, 3rd Apr 2017
FYI, this story is more than a year old

Gemalto released the results of its Breach Level Index last week, proving once again that data breaches across the world continue to increase in scale and severity.

Overall, APAC accounted for 8% of all breach incidents. The survey found that the top three APAC countries with the most incidents included Australia with 44 breach incidents, India had 24 incidents; New Zealand had 16.

Cambodia, Samoa and Vietnam fared best, each with only one breach. According to Gemalto, the low rates aren't necessarily good news, as many breaches may have been unreported due to a lack of cybersecurity disclosure laws.

Meanwhile, the United States had 1348 incidents, accounting for 80% of all data breaches.

According to the survey, the total 1792 breaches led to 1.4 billion compromised data records last year - an 86% increase compared to 2015.

Since 2013, more than 7 billion data records have been compromised - equal to 3 million every day or around 44 records every second, Gemalto states.

Identity theft was top of the breach list (59% of data breaches) a 5% increase since 2015. Account access breaches accounted for 54%. The ‘nuisance' category accounted for 18% of breached records - a 102% increase.

“The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets,” comments Jason Hart, Gemalto's VP and CTO for Data Protection.

52% of data breaches on organisations last year didn't mention how many records were compromised when the breach happened.

Gemalto believes that malicious outsiders accounted for 68% of breach attacks. Hacktivist breaches accounted for 3% of breaches, but increased by 31%.

“Clearly, fraudsters are also shifting from attacks targeted at financial organizations to infiltrating large data bases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid,” Hart says.

While the healthcare industry was the biggest area for breaches (28%), the number of records exposed in those breaches has dropped 75% since 2015. Government experienced 15% of breaches but the number of compromised records jumped 27% from 2015.

Financial services experienced 12% of breaches, followed by the tech sector (11%) and ‘other' (13%).The ‘other' category comprised mainly social media and entertainment industry breaches.

Gemalto states that 4.2% of breaches has involved encrypted data, compared to 4% in 2015.

"Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations. Encryption and authentication are no longer ‘best practices' but necessities,” Hart continues.

This is especially true with new and updated government mandates like the upcoming General Data Protection Regulation (GDPR) in Europe, U.S state-based and APAC country-based breach disclosure laws. But it's also about protecting your business' data integrity, so the right decisions can be made based on accurate information, therefore protecting your reputation and your profits.

The most notable breaches included the AdultFriend Finder, Fling, the Philippines Commission on Elections, 17 Media and DailyMotion. The Breach Level Index did not include the major Yahoo data breaches since they occurred in 2013 and 2014.