Security is failing - 2.6 billion records were exposed in 2017
An average of five million records are compromised every day, according to an updated Breach Level Index.
A massive 2.6 billion records were stolen, lost or exposed worldwide in 2017, representing an 88 per cent increase from 2016, according to a new in-depth report. Although data breach incidents decreased by 11 per cent over that period, 2017 was the first year that publicly disclosed breaches surpassed more than two billion compromised data records since 2013, according to the Breach Level Index from Gemalto. Over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised every day. One of the most recent breaches saw athletic apparel brand Under Armour admit that a data breach had exposed details of over 150 million MyFitnessPal users.
Malicious outsiders were the top source of breaches, according to the Gemalto research, accounting for 72 per cent, but making up only 23 per cent of all compromised data. Impressively, while accidental loss was the cause of a mere 18 per cent of data breaches, these accounted for 76 per cent of all compromised records, an increase of 580 per cent from 2016.
Malicious insider breaches barely scratched the surface with 9 per cent of the total incidents; however, this breach source experienced a dramatic increase (117 per cent) in the number of compromised or stolen records from 2016.
The industries that experienced the largest number of data breach incidents were healthcare (27 per cent), financial services (12 per cent), education (11 per cent) and government (11 per cent). In terms of the number of records lost, stolen or compromised, the most targeted sectors were government (18 per cent), financial services (9.1 per cent) and technology (16 per cent).
Ilia Kolochenko, CEO of High-Tech Bridge and security expert, said: “If these numbers are accurate, this is a huge and a very alarming surge. However, one should take into consideration that in light of GDPR and similar regulations, companies are likely to start implementing better incident detection and response systems capable of detecting security incidents in a timely manner. Numerous reports also demonstrate an overall reduction of time required to detect breaches across different countries and industries. Previously, many large organizations frequently underestimated the importance of data security and privacy, so many data breaches and related data loss incidents remained undetected and were never reported.”
“Nowadays, various machine learning and AI technologies catch anomalies in corporate networks, providing organizations with reliable incident detection capacity even if the attackers use some sophisticated intrusion and data exfiltration techniques. Internal data losses can also be detected in a timely manner thanks to improved technologies and growing awareness among employees. Therefore, we can expect an increase in reported incidents that represent a growth of detected incidents, rather than the overall number of actually occurring incidents and breaches. Last but not least, some security incidents involve the same records or accounts, breached several times and counted separately.”
The Gemalto research found that of the 1,765 data breach incidents in 2017, identity theft represented the leading type of data breach, accounting for 69 per cent, while malicious outsiders remained the number one cybersecurity threat, tallying up 72 per cent of all breach incidents. Interestingly, the number of records breached in nuisance-type attacks increased by 560 per cent from 2016, a nuisance attack being defined as a leak of basic information such as name, address and/or phone number. While the immediate damage from such information leakage is limited, the future ramifications of phishing attacks based on the data are impossible to track.
“Companies can mitigate the risks surrounding a breach through a ‘security by design’ approach, building in security protocols and architecture at the beginning,” said Jason Hart, VP and CTO, Data Protection at Gemalto. “This will be especially important, considering in 2018 new government regulations like Europe’s General Data Protection Regulation (GDPR) and the Australian Privacy Act (APA) go into effect. These regulations require companies to adapt a new mindset towards security, protecting not only their sensitive data but the privacy of the customer data they store or manage.”
The disruptive capabilities of AI and Machine Learning are set to be the lead panel session at the upcoming GISD spring edition 2018 in Geneva. Board level security professionals from UBS, GlaxoSmithKline and International Labour Organization will round out the expert panel grappling with the big issues of the security industry. Registration for security professionals is free, and attendees are vetted to ensure a sales-free environment.