The Breach Level Index for the first half of 2015, released by Gemalto in September, revealed that there were 888 data breaches worldwide in the first half of 2015, and that these breaches compromised 246 million records in total. These are hard-hitting numbers, but Gemalto delved deeper into the statistics to learn more.
This was a 10 per cent increase in breaches compared to the same half of 2014. The size of the breaches appears to have shrunk, however – fewer large-scale breaches, termed ‘mega breaches’, were reported in 2015 compared to 2014. The result was a net decrease in the number of compromised data records.
Data breaches continue
But despite this overall decline in the sheer number of compromised records, data breaches did still continue to occur. A reduction in the number of mega breaches was evident, but there were some high-impact events that could have had disastrous effects. The largest data breach during the first half of 2015 targeted Anthem Insurance – it was an identity theft incident, which exposed a huge 78.8 million records.
This constituted a mega breach and hit 10 on the Breach Level Index. In fact, this breach constituted around a third (32 per cent) of all the records stolen during the first six months of 2015.
There was another enormous breach at the United States Office of Personnel Management, though nowhere near as large as the Anthem Insurance incident. This latter attack exposed 21 million records and was a Breach Level Index 9.7 incident.
The General Directorate of Population and Citizenship Affairs in Turkey suffered a 9.3 Breach Level Index attack while a 20 million record breach at Topface in Russia reached 9.2 on the Breach Level Index. According to analysis, the top ten incidents actually accounted for over four fifths of all the compromised records during that time.
Sources – where do the attacks originate?
State-sponsored attacks account for a small percentage of the overall number of data breach incidents – a mere two per cent – but their severity makes them worth worrying about. Their impact can be enormous, and as such these attacks account for 41 per cent of the exposed records themselves. None of the top ten during the first half of the year were state-sponsored; however, over the course of the whole year, a startling three of the top ten (including the top two) were state-sponsored.
The leading source of data breaches was malicious outsiders, though. 62 per cent of breaches took place in this manner in the first half of 2015, up four per cent on the first half of the previous year. Of all the 116 million compromised records, 46 per cent were down to malicious outsiders – a fall of around 26 per cent compared to 2014.
Targets – which industry bore the brunt?
Government and healthcare sectors accounted for just shy of two thirds of all compromised data records, with 31 per cent and 34 per cent respectively. Over the course of the whole year, healthcare was only around a fifth (21 per cent), falling from the previous year’s 29 per cent.
“What we’re continuing to see is a large ROI for hackers with sophisticated attacks that expose massive amounts of data records,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.
“Cyber criminals are still getting away with big and very valuable data sets. For instance, the average healthcare data breach in the first half of 2015 netted more than 450,000 data records, which is an increase of 200 percent compared to the same time last year.”
The retail sector, where breaches are often the most high-profile stories that make the news, was down to just four per cent. The previous year, when the possibility of a retailer’s information being accessed by cyber criminals became widely acknowledged by the public, it was 38 per cent.
The US was by far the largest victim of these attacks, with over three quarters (76 per cent) of the data breaches and around half (49 per cent) of all the records that had been compromised in the first half of 2015. Just over a quarter – 26 per cent – of all compromised records were in Turkey, where the colossal GDPCA incident took place. Those 50 million records were breached by a ‘malicious outsider’ rather than a state-sponsored attacker.
“While the number of data breaches fluctuates, it’s still clear that breaches are not a matter of ‘if’ but ‘when.’ The Breach Level Index data shows that most companies are not able to protect their data once their perimeter defences are compromised,” said Hart.
“Although more companies are encrypting data, they are not doing it at the levels needed to reduce the magnitude of these attacks.”
“What is needed is a data-centric view of digital threats starting with better identity and access control techniques including multi-factor authentication and strong encryption to render sensitive information useless to thieves.”
Cyber criminals are developing a higher level of skill in comparison to even the previous quarter or the previous year analysed. This means that the threats themselves are changing, and as such, our responses to them also need to be flexible. Our more conventional perimeter-based security is no longer particularly effective, thanks to developments in cybercriminal techniques.
And one of the most obvious solutions – or at least a way of mitigating the threat – is end-to-end encryption. All data is encrypted wherever it is, regardless of whether it is in transit, essentially devaluing the data and making it less attractive to cyber criminals.
The Breach Level Index is a global overview of data breaches that calculates their severity, using factors such as number of compromised records, breach source, and vulnerability of the data. Being able to separate the nuisance breaches from the catastrophic ones is essential to understanding the constantly changing threat and, ultimately, defending against it. As consumers become more aware of the risk of data breaches, and with every high-profile breach at a well-known retailer or bank that reaches the news, the importance of data protection grows. Eventually, all organisations will encrypt all their data – and their customers will expect them to.