Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Gemalto releases findings of 2016 Breach Level Index

March 2017 by Gemalto

Gemalto released the findings of the Breach Level
Index revealing that 1,792 data breaches led to almost 1.4 billion data records
being compromised worldwide during 2016, an increase of 86% compared to 2015.
Identity theft was the leading type of data breach in 2016, accounting for 59% of
all data breaches. In addition, 52% of the data breaches in 2016 did not disclose
the number of compromised records at the time they were reported.

The Breach Level Index is a global database that tracks data breaches and measures
their severity based on multiple dimensions, including the number of records
compromised, the type of data, the source of the breach, how the data was used, and
whether or not the data was encrypted. By assigning a severity score to each breach,
the Breach Level Index provides a comparative list of breaches, distinguishing data
breaches that are a not serious versus those that are truly impactful (scores run
1-10). According to the Breach Level Index, more than 7 billion data records have
been exposed since 2013 when the index began benchmarking publicly disclosed data
breaches. Breaking it down that is over 3 million records compromised every day or
roughly 44 records every second.

Last year, the account access based attack on AdultFriend Finder exposing 400
million records scored a 10 in terms of severity on the Breach Level Index. Other
notable breaches in 2016 included Fling (BLI: 9.8), Philippines’ Commission on
Elections (COMELEC) (BLI: 9.8), 17 Media (BLI: 9.7) and Dailymotion (BLI: 9.5). In
fact the top 10 breaches in terms of severity accounted for over half of all
compromised records. In 2016, Yahoo! reported two major data breaches involving 1.5
billion user accounts, but are not accounted for in the BLI’s 2016 numbers since
they occurred in 2013 and 2014.

The Breach Level Index highlights four major cybercriminal trends over the
past year. Hackers are casting a wider net and are using easily-attainable account
and identity information as a starting point for high value targets. Clearly,
fraudsters are also shifting from attacks targeted at financial organizations to
infiltrating large data bases such as entertainment and social media sites. Lastly,
fraudsters have been using encryption to make breached data unreadable, then hold it
for ransom and decrypting once they are paid", said Jason Hart, Vice President
and Chief Technology Officer for Data Protection at Gemalto.

Data Breaches by Type

In 2016, identity theft was the leading type of data breach, accounting for 59% of
all data breaches, up by 5% from 2015. The second most prevalent type of breach in
2016 is account access based breaches. While the incidence of this type of data
breach decreased by 3%, it made up 54 % of all breached records, which is an
increase of 336% from the previous year. This highlights the cybercriminal trend
from financial information attacks to bigger databases with large volumes of
personally identifiable information. Another notable data point is the nuisance
category with an increase of 101% accounting for 18% of all breached records up
1474% since 2015.

Data Breaches by Source

Malicious outsiders were the leading source of data breaches, accounting for 68% of
breaches, up from 13% in 2015. The number of records breached in malicious outsider
attacks increased by 286% from 2015. Hacktivist data breaches also increased in 2016
by 31%, but only account for 3% of all breaches that occurred last year.

Data Breaches by Industry
Across industries, the technology sector had the largest increase in data breaches
in 2016. Breaches rose 55%, but only accounted for 11% of all breaches last year.
Almost 80% of the breaches in this sector were account access and identity theft
related. They also represented 28% of compromised records in 2016, an increase of
278% from 2015.

The healthcare industry accounted for 28% of data breaches, rising 11% compared to
2015. However, the number of compromised data records in healthcare decreased by 75%
since 2015. Education saw a 5% decrease in data breaches between 2015 and 2016 and a
drop of 78% in compromised data records. Government accounted for 15% of all data
breaches in 2016. However the number of compromised data records increased 27% from
2015. Financial services companies accounted for 12% of all data breaches, a 23%
decline compared to the previous year.

All industries listed in the ’Other’ category represented 13% of data breaches and
36% of compromised data records. In this category, the overall number of data
breaches decreased by 29%, while the number of compromised records jumped by 300%
since 2015. Social media and entertainment industry related data breaches made up
the majority.

Last year 4.2% of the total number of breach incidents involved data that had been
encrypted in part or in full, compared to 4% in 2015. In some of these instances,
the password was encrypted, but other information was left unencrypted. However of
the almost 1.4 billion records compromised, lost or stolen in 2016, only 6% were
encrypted partially or in full (compared to 2% in 2015).

Knowing exactly where their data resides and who has access to it will help
enterprises outline security strategies based on data categories that make the most
sense for their organizations. Encryption and authentication are no longer ’best
practices’ but necessities. This is especially true with new and updated government
mandates like the upcoming General Data Protection Regulation (GDPR) in Europe, U.S
state-based and APAC country-based breach disclosure laws. But it’s also about
protecting your business’ data integrity, so the right decisions can be made based
on accurate information, therefore protecting your reputation and your
profits.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts