Gemalto reports 2.6bn records breached in 2017
Breach Level Index shows record volume of data breached last year
Over two billion records were stolen lost or exposed in 2017, according to Gemalto's Breach Level Index.
The Index, a global database of breaches and their severity, showed 2.6 billion records were compromised in 2017, the first time that the total has passed two billion. Identity theft comprised the majority of records lost.
The figures marked an 88% increase in the number of records breached from 2016 figures, although the number of incidents fell by 11%.
"The manipulation of data or data integrity attacks pose an arguably more unknown threat for organizations to combat than simple data theft, as it can allow hackers to alter anything from sales numbers to intellectual property. By nature, data integrity breaches are often difficult to identify and in many cases, where this type of attack has occurred, we have yet to see the real impact," said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.
"In the event that the confidentiality, or privacy, of the data is breached, an organization must have controls, such as encryption, key management and user access management, in place to ensure that integrity of the data isn't tampered with and it can still be trusted. Regardless of any concerns around manipulation, these controls would protect the data in situ and render it useless the moment it's stolen."
Over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised every day. Of the 1,765 data breach incidents in 2017, identity theft represented the leading type of data breach, accounting for 69% of all data breaches. Malicious outsiders remained the number one cybersecurity threat last year at 72% of all breach incidents.
Companies in the healthcare, financial services and retail sectors were the primary targets for breaches last year. However, government and educational institutions were not immune to cyber risks in 2017, making up 22% of all breaches.
The Breach Level Index serves as a global database that tracks and analyzes data breaches, the type of data compromised and how it was accessed, lost or stolen.
Based on data breach reports collected in the Breach Level Index. The 2017 report showed a 580% increase in human error and accidental exposure of records in 2017, through improper disposal of records, misconfigured databases and other unintended security issues, causing 1.9 billion records to be exposed.
Identity theft is still the number one type of data breach, accounting for 69% of all data breach incidents. Over 600 million records were impacted resulting in a 73% increase from 2016.
Internal threats also increased by volume of records stolen, up to 30 million, a 117% increase, although the number of incidents fell. The Index also showed that nuisance attacks, defined as a data breach of basic information such as name, address and/or phone number, were up by 560%.
"Companies can mitigate the risks surrounding a breach through a ‘security by design' approach, building in security protocols and architecture at the beginning," said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. "This will be especially important, considering in 2018 new government regulations like Europe's General Data Protection Regulation (GDPR) and the Australian Privacy Act (APA) go into effect. These regulations require companies to adapt a new mindset towards security, protecting not only their sensitive data but the privacy of the customer data they store or manage."