Hackers cast a wider net in launching cyber attacks
Data protection takes on new urgency as breach perimeter dissolves worldwide
By Gary Stoller, ThirdCertainty
The number of records compromised by cyber criminals is skyrocketing, according to findings of digital security giant Gemalto.
The Netherlands-based company says its 2016 Breach Level Index, a global database that tracks data breaches, found nearly 1.4 billion records were compromised worldwide last year—an 86 percent increase over 2015.
‘Such a big increase for all industries combined pales in comparison to the increase suffered by financial services companies. The number of financial services records lost or stolen in cyber attacks jumped from 1.1 million in 2015 to 13.3 million last year—a 1,070 percent rise. This sector serves as a glaring example of how attackers are stealing larger numbers of records with each theft.
Technology companies also experienced a big increase in records lost or stolen—a 278 percent increase from 103.7 million in 2015 to 277.5 million last year. Tech companies’ lost or stolen records accounted for more than one-quarter of all industry losses.
The number of attacks against technology companies—primarily companies offering technology services to clients—rose significantly in 2016. Security breaches increased 55 percent from 122 in 2015 to 189 last year.
Related story and infographic: Attackers reel in cash rewards from financial firms
Outside the technology industry, however, the number of breaches declined, according to Gemalto. Hackers and other attackers launched 1,792 data breaches worldwide last year—a 4 percent drop from 2015.
Insider threat less common
Malicious outsiders perpetrated more than two-thirds of last year’s attacks, and identity theft was the most common type of attack. Accidental loss accounted for 19 percent of the data breaches, and—despite all the attention given to the threat of attacks from within organizations—malicious insiders were responsible for only 9 percent of the breaches, Gemalto says.
Solely considering the number of data breaches, the health care industry was the hardest hit, accounting for more than one-quarter of all breaches. Health care organizations experienced 493 breaches, compared with 445 in 2015.
Despite the increase, the number of records lost or stolen fell 75 percent from 143.2 million in 2015 to 35.3 million last year. Gemalto says part of the reason for the big drop was disclosure of a massive number of records breached at Anthem in 2015 and nondisclosure of numbers related to 2016 breaches in the health care industry.
The public sector’s cyber attack statistics were opposite those of the health care industry—breaches declined and the number of records lost or stolen rose. Agencies and other government entities had 269 breaches in 2016, down 9 percent from the previous year. The number of records lost or stolen totaled 391.7 million, up 27 percent from 2015.
Action has rewards
Gemalto says the retail sector “has taken significant steps to stop cyber attacks—particularly at the point of sale—and perhaps it’s paying off.” Retailers had 215 data breaches in 2016, a 10 percent decline from the prior year. The number of records stolen also fell from 40.1 million in 2015 to 32.5 million last year.
The education sector saw improvements in the number of data breaches and records lost or stolen. Breaches totaled 157 last year, down 5 percent, and records lost or stolen dropped 78 percent to 4.4 million.
With 26 data breaches last year, the hospitality industry was the least hard hit of the sectors Gemalto evaluated. That number, however, was a big increase from only one breach in 2015.
Breaches in industries other than those Gemalto evaluated, including social and entertainment sites, totaled 229 last year. That accounted for 13 percent of all industries’ total and was down 29 percent from 2015.
Gemalto says, however, that “a tremendous volume of records”—500 million—was involved in the attacks last year against industries other than those Gemalto evaluated. That number was up 300 percent from 124.8 million in 2015.
Breaches predominate in North America
North America accounted for 80 percent of all breaches, Gemalto found. The total number of breaches in the United States, Canada, Mexico and Central America was 1,433, up 11 percent from the year before. Attacks in these regions resulted in the theft of 1 billion records or about three-quarters of all breaches worldwide. This was an increase of 119 percent from 462.5 million in 2015.
Gemalto says it’s “likely” that the predominance of North American breaches is related to more stringent data-breach disclosure laws in the United States than in other countries outside the continent. The United States had, by far, the most breaches of any country—1,348 attacks that resulted in the theft of 858 million records.
Europe had the next-highest number of data breaches with 161 last year. The attacks in European countries resulted in the theft or loss of 183.4 million records, up 94 percent from 2015.
The Asia-Pacific region experienced 145 data breaches last year, up 11 percent from 2015. About 138 million records were stolen in these attacks—a big increase from 1.3 million in 2015.
What to do
As seen from the rising numbers, protecting sensitive data is getting more difficult and consuming a bigger chunk of spending. Staying steps ahead of hackers requires a shift in thinking on data security. While there is no magic bullet that will work for every organization, companies should take a three-step approach to mitigate the consequences of a breach.
Those steps include: encrypting all sensitive data; securely storing and managing all encryption keys; and controlling access and authentication of users.
In today’s breach landscape, these steps will help prevent businesses from becoming victimized by cyber criminals.
More stories about evolving threats:
Expect ransomware targets, methods to broaden
Steps to avoid being infected by the ransomware pandemic
Cyber robbers find cold, hard cash at small banks, credit unions