By
Bankole Orimisan
There may
be danger ahead to organizations whose do business on daily basis in the
country if proper measure not quickly put in place to address the activities of
cyber criminals, as the Gemalto, Security Company, showed that data
breaches are getting worse with 246 million records compromised by criminal
activity in the first six months of 2015.
The
numbers suggest cyber-crime will remain a top priority for banks for the
foreseeable future, Gemalto warns.
Compared to the first half of 2014, known and reported data breaches
increased by 10 per cent to 888 while the number of compromised data records
declined by 41% during the first six months of this year.
This decline in compromised records can most likely be attributed to that
fact that fewer large scale mega breaches have occurred in the retail industry
compared to the same period last year.
Despite the decrease in the number of compromised records, large data
breaches continued to expose massive amounts of personal information and
identities.
The largest breach in the first half of 2015 – which scored a 10 in terms
of severity on the Breach Level Index – was an identity theft attack on Anthem
Insurance that exposed 78.8 million records, representing almost a third (32%)
of the total data records stolen in the first six months of 2015.
Other notable breaches during this analysis period included a 21 million
record breach at the US Office of Personnel Management; a 50 million record
breach at Turkey’s General Directorate of Population and Citizenship Affairs;
and a 20 million record breach at Russia’s Topface.
In fact, the top 10 breaches accounted for 81.4% of all compromised
records.
“What we’re continuing to see is a large ROI for hackers with
sophisticated attacks that expose massive amounts data records. Cyber criminals
are still getting away with big and very valuable data sets,” said Jason Hart,
chief technology officer for data protection at Gemalto.
“For instance, the average healthcare data breach in the first half of
2015 netted more than 450,000 data records, which is an increase of 200 percent
compared to the same time last year.”
The number of state-sponsored attacks accounted for just 2% of data
breach incidents, but the number of records compromised as a result of those
attacks totalled 41% of all records exposed, due to the breaches at Anthem
Insurance and the US Office of Personnel Management.
While none of the top 10 breaches from first half of 2014 were caused by
state-sponsored attacks, three of the top ten this year were – including the
top two.
At the same time, malicious outsiders were the leading source of data
breaches in the first half of 2015, accounting for 546 or 62% of breaches,
compared to 465 or 58% in the first half of last year.
Forty-six percent or 116 million of the total compromised records were
attributable to malicious outsiders, down from 71.8% or 298 million in 2014.
Identity theft remained the primary type of breach, accounting for 75% of all
records compromised and slightly more than half (53%) of data breaches in the
first half of 2015.
Five of the top ten breaches, including the top three – which were all
classified as Catastrophic on the BLI – were identity theft breaches, down from
seven of the top 10 from the same period last year.
Across industries, the government and healthcare sectors accounted for about
two-thirds of compromised data records (31% and 34% respectively), though
healthcare only accounted for 21% of breaches this year, down from 29% compared
to the same period last year.
The retail sector saw a significant drop in the number of stolen data records,
accounting for 4% compared to 38% for the same period last year.
Across regions, the US represented the largest share with three-quarters (76%)
of data breaches and nearly half of all compromised records (49%).
Turkey accounted for 26% of compromised records, with its massive GDPCA breach
in which 50 million records were breached by an outsider.
The level of encryption used to protect exposed data – which can dramatically
reduce the impact of data breaches – increased slightly to 4 per cent of all
breaches compared with 1 percent in the first half of 2014.
“While the number of data breaches fluctuates, it’s still clear that
breaches are not a matter of ‘if’ but ‘when.’ The Breach Level Index data shows
that most companies are not able to protect their data once their perimeter
defences are compromised,” added Hart.
“Although more companies are encrypting data, they are not doing it at the
levels needed to reduce the magnitude of these attacks. What is needed is a
data-centric view of digital threats starting with better identity and access
control techniques including multi-factor authentication and strong encryption
to render sensitive information useless to thieves.”
According to Forrester, as cybercriminals have become more skilful and
sophisticated, they have eroded the effectiveness of traditional
perimeter-based security controls.
The constantly mutating threat landscape requires new defensive measures, one
of which is the pervasive use of data encryption technologies. In the future,
organizations will encrypt data — both in motion and at rest — by default. This
data-centric approach to security is a much more effective way to keep up with
determined cybercriminals.
By
encrypting, and thereby devaluing, sensitive data, organisations can make
cybercriminals bypass their networks and look for less robustly protected
targets.
Encryption will become a strategic cornerstone for security and risk executives
responsible for their organization’s data security and privacy efforts.
No comments:
Post a Comment