Gemalto’s recent findings of its Breach Level Index revealed that 1,792 data breaches led to almost 1.4 billion data records compromised worldwide during 2016, an increase of 86% compared to 2015.
Gemalto has released the findings of the Breach Level Index revealing that 1,792 data breaches led to almost 1.4 billion data records compromised worldwide during 2016, an increase of 86% compared to 2015. Identity theft was the leading type of data breach in 2016, accounting for 59% of all data breaches. In addition, 52% percent of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported.
The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are a not serious versus those that are truly impactful (scores run 1-10). According to the Breach Level Index, more than 7 billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches. Breaking it down that is over 3 million records compromised every day or roughly 44 records every second.
Last year, the account access based attack on AdultFriend Finder exposing 400 million records scored a 10 in terms of severity on the Breach Level Index. Other notable breaches in 2016 included Fling (BLI: 9.8), Philippines’ Commission on Elections (COMELEC) (BLI: 9.8), 17 Media (BLI: 9.7) and Dailymotion (BLI: 9.6). In fact, the top 10 breaches in terms of severity accounted for over half of all compromised records. In 2016, Yahoo! reported two major data breaches involving 1.5 billion user accounts, but are not accounted for in the BLI’s 2016 numbers since they occurred in 2013 and 2014.
In the local context, South African Breaches increased from 6 in 2015 to 11 in 2016. Overall, from 2015 to 2016, the South African Government had to contend with the most attacks – reported at nearly 60% in 2016 as compared to the 50% reported in the previous year. Government entities including the South Africa’s Department of Water Affairs as well as the Government Communications and Information Services (GCIS) accounted the 5 800 and 33 000 records respectively breached in 2016.
“The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organizations to infiltrating large data bases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid, said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.
Data Breaches by Type
In 2016, identity theft was the leading type of data breach, accounting for 59% of all data breaches, up by 5% from 2015. The second most prevalent type of breach in 2016 is account access based breaches. While the number of this type of data breach decreased by 3%, it made up 54 % of all breached records, which is an increase of 336% from the previous year. This highlights the cybercriminal trend from financial information attacks to bigger databases with large volumes of personally identifiable information. Another notable data point is the nuisance category with an increase of 102% accounting for 18% of all breached records up 1474% since 2015.
Data Breaches by Source
Malicious outsiders were the leading source of data breaches, accounting for 68% of breaches, up from 13% in 2015. The number of records breached in malicious outsider attacks increased by 286% from 2015. Hacktivist data breaches also increased in 2016 by 31%, but only account for 3% of all breaches that occurred last year.
Data Breaches by Industry
Across industries, the technology sector had the largest increase in data breaches in 2016. Breaches rose 55%, but only accounted for 11% of all breaches last year. Almost 80% of the breaches in this sector were account access and identity theft related. They also represented 28% of compromised records in 2016, an increase of 278% from 2015.
The healthcare industry accounted for 28% of data breaches, rising 11% compared to 2015. However, the number of compromised data records in healthcare decreased by 75% since 2015. Education saw a 5% decrease in data breaches between 2015 and 2016 and a drop of 78% in compromised data records. Government accounted for 15% of all data breaches in 2016. However, the number of compromised data records increased 27% from 2015. Financial services companies accounted for 12% of all data breaches, a 23% decline compared to the previous year.
All industries listed in the other category represented 13% of data breaches and 36% of compromised data records. In this category, the overall number of data breaches decreased by 29%, while the number of compromised records jumped by 300% since 2015. Social media and entertainment industry related data breaches made up the majority.
Last year 4.2% of the total number of breach incidents involved data that had been encrypted in part or in full, compared to 4% in 2015. In some of these instances, the password was encrypted, but other information was left unencrypted. However, of the almost 1.4 billion records compromised, lost or stolen in 2016, only 6% were encrypted partially or in full (compared to 2% in 2015).
“Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organizations. Encryption and authentication are no longer ‘best practices’ but necessities. This is especially true with new and updated government mandates like the upcoming General Data Protection Regulation (GDPR) in Europe, U.S state-based and APAC country-based breach disclosure laws. But it’s also about protecting your business’ data integrity so the right decisions can be made on, your reputation and your profits.”
Veeam passes $1bn, prepares for cloud’s ‘Act II’
The leader in cloud data management reveals how it will harness the next growth phase of the data revolution, writes ARTHUR GOLDSTUCK
Veeam Software, the quiet leader in backup solutions for cloud data management,has announced that it has passed $1-billion in revenues, and is preparing for the next phase of sustained growth in the sector.
Now, it is unveiling what it calls Act II, following five years of rapid growth through modernisation of the data centre. At the VeeamON 2019conferencein Miami this week, company co-founder Ratmir Timashev declared that the opportunities in this new era, focused on managing data for the hybrid cloud, would drive the next phase of growth.
“Veeam created the VMware backup market and has dominated it as the leader for the last decade,” said Timashev, who is also executive vice president for sales and marketing at the organisation. “This was Veeam’s Act I and I am delighted that we have surpassed the $1 billion mark; in 2013 I predicted we’d achieve this in less than six years.
“However, the market is now changing. Backup is still critical, but customers are now building hybrid clouds with AWS, Azure, IBM and Google, and they need more than just backup. To succeed in this changing environment, Veeam has had to adapt. Veeam, with its 60,000-plus channel and service provider partners and the broadest ecosystem of technology partners, including Cisco, HPE, NetApp, Nutanix and Pure Storage, is best positioned to dominate the new cloud data management in our Act II.”
Veeam has been the leading provider of backup, recovery and replication solutions for more than a decade, and is growing rapidly at a time when other players in the backup market are struggling to innovate on demand.
“Backup is not sexy and they made a pretty successful company out of something that others seem to be screwing up,” said Roy Illsley, Distinguished Analyst at Ovum, speaking in Miami after the VeeamOn conference. “Others have not invested much in new products and they don’t solve key challenges that most organisations want solved. Theyre resting on their laurels and are stuck in the physical world of backup instead of embracing the cloud.”
Illsley readily buys into the Veeam tagline. “It just works”.
“They are very good at marketing but are also a good engineering comany that does produce the goods. Their big strength, that it just works, is a reliable feature they have built into their product portfolio.”
Veeam said in statement from the event that, while it had initially focused on server virtualisation for VMware environments, in recent years it had expanded this core offering. It was now delivering integration with multiple hypervisors, physical servers and endpoints, along with public and software-as-a-service workloads, while partnering with leading cloud, storage, server, hyperconverged (HCI) and application vendors.
This week, it announced a new “with Veeam”program, which brings in enterprise storage and hyperconverged (HCI) vendors to provide customers with comprehensive secondary storage solutions that combine Veeam software with industry-leading infrastructure systems. Companies like ExaGrid and Nutanix have already announced partnerships.
Timashev said: “From day one, we have focused on partnerships to deliver customer value. Working with our storage and cloud partners, we are delivering choice, flexibility and value to customers of all sizes.”
‘Energy scavenging’ gets funding
As the drive towards a 5G future gathers momentum, the University of Surrey’s research into technology that could power countless internet enabled devices – including those needed for autonomous cars – has won over £1M from the Engineering and Physical Sciences Research Council (EPSRC) and industry partners.
Surrey’s Advanced Technology Institute (ATI) has been working on triboelectric nanogenerators (TENG), an energy harvesting technology capable of ‘scavenging’ energy from movements such as human motion, machine vibration, wind and vehicle movements to power small electronic components.
TENG energy harvesting is based on a combination of electrostatic charging and electrostatic induction, providing high output, peak efficiency and low-cost solutions for small scale electronic devices. It’s thought such devices will be vital for the smart sensors needed to enable driverless cars to work safely, wearable electronics, health sensors in ‘smart hospitals’ and robotics in ‘smart factories.’
The ATI will be partnered on this development project with the Georgia Institute of Technology, QinetiQ, MAS Holdings, National Physical Laboratory, Soochow University and Jaguar Land Rover.
Professor Ravi Silva, Director of the ATI and the principal investigator of the TENG project, said: “TENG technology is ideal to power the next generation of electronic devices due to its small footprint and capacity to integrate into systems we use every day. Here at the ATI, we are constantly looking to develop such advanced technologies leading towards our quest to realise worldwide “free energy”.
“TENGs are an ideal candidate to power the autonomous electronic systems for Internet of Things applications and wearable electronic devices. We believe this research grant will allow us to further the design of optimized energy harvesters.”