More than 1.4 billion data records are estimated to have been compromised in 2016 as a direct result of data breaches, spawning an 86 percent increase compared to 2015, according to a Gemalto’s Breach Level Index. With organizations continuously being targeted by cybercriminals either with sophisticated advanced threats or through infrastructure vulnerabilities, the main driver behind these attacks is often related to financial gains or gratification.
The leading type of data breach that accounted for 59 percent of all reports related to identity theft, but 52 percent of all data breaches in 2016 did not disclose the number of records that were potentially compromised. While more than 7 billion data records are estimated to have been exposed since 2013, it’s estimated that an average of 44 records are compromised every second.
"Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organizations. Encryption and authentication are no longer 'best practices' but necessities,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “This is especially true with new and updated government mandates like the upcoming General Data Protection Regulation (GDPR) in Europe, U.S state-based and APAC country-based breach disclosure laws. But it's also about protecting your business' data integrity, so the right decisions can be made based on accurate information, therefore protecting your reputation and your profits."
Among the most prominent data breaches of 2016, the report mentions the Adult FriendFinder breach where over 400 million records are estimated to have been exposed, Philippines’ Commission on Elections with 77.7 million records, and Fling.com with 40 million records. While the first one is ranked as the year’s all-time biggest breach scoring a perfect 10 on the company’s rating scale, the other two clocked in second and third with an average score of 9.8, respectively 9.7.
Malicious outsiders account for 68 percent of the sources for attack, while accidental loss accounts for 19 percent. The number of records breached by malicious outsiders skyrocketed in 2016 reaching 1,050,297,092, while in 2015 it was estimated that the same malicious outsiders only breached 272,042,361 records.
The top three most affected industry verticals affected seem to involve healthcare (27.5 percent), government (15 percent), and retail (12 percent). The most affected vertical in 2016 seems to have been the technology industry (28.4 percent), as not only the number of braches spiked by 54.9 percent, but the number of records stolen also increased by 277.5% compared to 2015, reaching 391.6 million records breached in 2016 alone.
According to Bitdefender’s Chief technology Officer, Bogdan Dumitru, these attacks are to be expected for 2017, as cybercriminals often go for low hanging fruits and their main goal is to exfiltrate as much data as possible within a short amount of time.
“On the business side we will see an increase of targeted attacks and strongly obfuscated bots, with a short lifespan and frequent updates. Most of these attacks will specialise in information theft,” said Bitdefender’s CTO Bogdan Dumitru. “Attackers will be in and out of an organisation in a few days, maybe even hours. APT, which currently stands for Advanced Persistent Threats, should change to Advanced Penetration Threats, or even BA for Blitzkrieg Attacks.”
While 80 percent of reported data breaches were located in North America, the findings indicate that companies need to secure the breach as timely as possible and have an emergency response plan in place. For more details on what how companies can secure on-premise or in-the-cloud data, here are some tips and tricks.