What were the biggest cyber security culprits in the first half of 2017 from a data breach standpoint? Identity theft and poor internal security practices, according to the latest Breach Level Index (BLI) Report by Gemalto.
The index, a global database of public data breaches, showed that the first six months of the year had 918 data breaches that led to 1.9 billion data records being compromised worldwide. Compared with the last six months of 2016, the number of lost, stolen or compromised records increased by a staggering 164%, the report said.
Much of this was due to the 22 largest data breaches, each involving more than one million compromised records. Of the 918 data breaches during the period, more than 500 (59% of all breaches) had an unknown or unaccounted number of compromised data records.
The BLI is a global database that tracks data breaches and measures their severity based on multiple dimensions, such as the number of records compromised, type of data, source of the breach, how the data was used, and whether the data was encrypted. By assigning a severity score to each breach, the index distinguishes data breaches that are not serious versus those that are truly impactful.
The 918 breaches worldwide in the first half of 2017 was an increase of 13% from the 815 in the last six months of 2016. The report said more than 9 billion data records have been exposed since 2013, when the index began benchmarking publicly disclosed data breaches. During the first six months of 2017, more than 10 million records were compromised or exposed each day, or 122 records every second, including medical, credit card and/or financial data or personally identifiable information.
This is particularly concerning, the report said, since less than 1% of the stolen, lost, or compromised data used encryption technology to render the information useless to a cyber criminal.
Malicious outsiders made up the largest percentage of data breaches in the first half of the year (74% of the total), an increase of 23% from the previous six months. However, this source accounted for only 13% of all stolen, compromised or lost records. While malicious insider attacks accounted for only 8% of all breaches, the amount of records compromised in these attacks was 20 million. That was up more than 4,000% from 500,000 in the previous six months.
Identity theft was the leading type of data breach in the first six months of 2017, accounting for 74% of all data breaches and up 49% from the previous period. The number of records compromised in identity theft attacks jumped by 255%.
The report said the most significant shift was the nuisance category of data breaches, accounting for 81% of all lost, stolen, or compromised records. But in terms of the number of incidents, nuisance attacks were only slightly over 1% of all data breaches. The number of compromised records from account access attacks dropped by 46%.
In terms of geography, North America easily had the highest number of disclosed breaches during the first half of the year.
Most of the industries the BLI tracks had more than a 100% increase in the number of compromised, stolen, or lost records during the first half. The education market saw one of the biggest increases in breaches, up by 103% and with an increase of more than 4,000% in the number of records.
Healthcare had a relatively similar amount of breaches compared with the last six months of 2016, but stolen, lost, or compromised records increased 423%. Financial services, government, and entertainment also experienced a significant jump in the number of breached records, with entertainment breach incidents increasing 220% in the first six months of 2017.
As the report noted, many of the records exposed during breaches include personal information such as patient data, and in some cases
people have no idea if their information has been exposed. The rise in data breaches and records stolen make the case that organizations are failing to deploy adequate cyber security tools and processes needed to prevent these types of attacks from occurring.
One of the main takeaways from the findings, according to the report, is that security needs to be comprehensive, including not just tools such as network protection and access controls, but data encryption and multi-factor authentication as well. That way, in the event of a breach cyber criminals will not be able to doing anything with the stolen information.
Unfortunately, however, when it comes to encryption many organizations continue to fall short. Of the breaches during the first six months, only 42 (less than 5% of the total) involved data that had been encrypted in part or in full.
To better protect their information assets, the study said, organizations need to take a situational awareness approach to security by knowing exactly where critical data resides, the threats to that data, and whether the data has been encrypted.