Compared to the same period in 2017, the number of lost, stolen or compromised records increased by a staggering 133 percent, though the total number of breaches slightly decreased over the same period, signaling an increase in the severity of each incident.
A total of six social media breaches, including the Cambridge Analytica-Facebook incident, accounted for over 56 percent of total records compromised. Of the 945 data breaches, 189 (20 percent of all breaches) had an unknown or unaccounted number of compromised data records.
The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are not serious versus those that are truly impactful.
According to the Breach Level Index, almost 15 billion data records have been exposed since 2013, when the index began benchmarking publicly disclosed data breaches. During the first six months of 2018, more than 25 million records were compromised or exposed every day, or 291 records every second, including medical, credit card and/or financial data or personally identifiable information. This is particularly concerning, since only one percent of the stolen, lost or compromised data records were protected by encryption to render the information useless, a percent-and-a-half drop compared to the first six months of 2017.
“Obviously, this year social media has been the top industry and threat vector for the compromise of personal data, a trend we can expect to continue with more and more sectors leveraging these platforms to reach key audiences, especially political teams gearing up for major elections,” said Jason Hart, vice president and chief technology officer for data protection at Gemalto. “We also expect to see more data breaches reported by European Union countries bound by the new General Data Protection Regulation and in Australia with the new Notifiable Data Breaches law. We should be careful not to misconstrue this as an increase in overall incidents in these areas but rather as a more accurate reflection of what is actually going on.”
Primary Sources of Data Breaches
Malicious outsiders caused the largest percentage of data breaches (56 percent), a slight decrease of almost seven percent over the second half of 2017 and accounted for over 80 percent of all stolen, compromised or lost records. Accidental loss accounted for over 879 million (9 percent) of the records lost this half, the second most popular cause of data breaches representing over one third of incidents. The number of records and incidents involved in malicious insider attacks fell by 50 percent this half compared to the same time period in 2017.
Leading Types of Data Breaches
Identity theft continues to be the leading type of data breach, as it has been since Gemalto first started tracking in 2013. While the number of identity theft breaches increased by 13 percent over the second half of 2017 to just over 64 percent, the number of records stolen through these incidents increased by 539 percent, representing over 87 percent of all records stolen.
Financial access incidents show a disturbing trend in the escalation of severity. Though overall incident numbers are on the decline H1 2017 vs. H1 2018 (171 for H1 2017 and 123 for H1 2018), the number of records breached increased H1 2017 vs. H1 2018 (2.7 million and 359million) respectively.
Industries Most Affected by Data Breaches
Most sectors saw an increase in the number of incidents compared to the previous half – the exceptions were government, professional services, retail and technology, though both government and retail saw an increase in the number of records breached through fewer events.
Healthcare continues to lead in number of incidents (27 percent). The largest such incident, 211 LA County, exposed 3.5 million records through accidental loss.
Social media ranks top for number of records breached (56 percent) due to the high-profile customer data compromises at Facebook and Twitter, involving 2.2 billion and 336 million respectively.
Geographic Distribution of Data Breaches
North America still makes up the majority of all breaches and the number of compromised records, 59 and 72 percent respectively. The United States is still by far and away the most popular target for attacks, representing more than 57 percent of global breaches and accounting for 72 percent of all records stolen, though overall incidents are down 17 percent over the prior half.
With the implementation of the Notifiable Data Breaches law, the number of incidents in Australia increased dramatically from 18 to 308 as could be expected.
Europe saw 36 percent fewer incidents but a 28 percent increase in the number of records breached indicating growing severity of attacks. The United Kingdom remains the most breached country in the region. With the General Data Protection Regulation in full effect for the second half of 2018, the number of reported incidents could begin to rise.
Time is running out for Microsoft SQL Server 2008
Companies are urged to update from the dated database management software as end-of-support looms, writes BRYAN TURNER.
The 11-year-old Microsoft SQL Server 2008 database management software is reaching the end of its support on 9 July. The applications that use databases running on this software will be at risk of security and stability issues.
On self-managed databases, upgrading to the latest database version comes with a lot of risks. Many IT departments within companies go by the motto: “If it’s not broken, don’t fix it”.
Microsoft made it very clear that it would not be updating SQL Server 2005 after its extended support date and even left it vulnerable to Spectre and Meltdown by not releasing patches for the dated version.
Updating SQL Server versions may seem daunting, but the benefits far outweigh the effort it takes for a migration. In the last major version update, SQL Server 2016 introduced simpler backup functionality, database stretching, and always-encrypted communications with the database, to name just three features.
While backing up the database may be the last thing on the typical database administrator’s mind, it’s become increasingly important to do so. In SQL Server 2008, it’s clunky and causes headaches for many admins. However, in SQL Server 2016, one can easily set up an automated backup to Azure storage and let it run on smart backup intervals. Backing up offsite also reduces the need for disaster recovery for onsite damage.
Database stretching allows admins to push less frequently accessed data to an Azure database, automatically decided by SQL Server 2016. This reduces the admin of manually looking through what must be kept and what must be shipped off or deleted. It also reduces the size of the database, which also increases the performance of the applications that access it. The best part of this functionality is it automatically retrieves the less accessed records from Azure when users request it, without the need for manual intervention.
Always-encrypted communications are becoming more and more relevant to many companies, especially those operating in European regions after the introduction of GDPR. Encryption keys were previously managed by the admin, but now encryption is always handled by the client. Furthermore, the keys to encrypt and decrypt data are stored outside of SQL Server altogether. This means data stored in the database is always encrypted, and no longer for the eyes of a curious database manager.
The built-in reporting tools have also vastly improved with the addition of new reporting metrics and a modern look. It includes support for Excel reports for keeping documentation and Power BI for automated, drag-and-drop personalised reporting. Best of all, it removes the dreaded Active X controls, which made the reporting in a webpage feel very clumsy and bloated in previous versions.
A lot has changed in the past ten years in the world of SQL Server database management, and it’s not worth running into problems before Microsoft ends support for SQL Server 2008.
Local apps to feature in Huawei’s App Gallery
Huawei’s mobile app store, the HUAWEI AppGallery, will soon feature a multitude of apps and designs by local developers. The company says this is part of its drive to promote South African digital talent and include more useful apps for Huawei smartphone users. HUAWEI AppGallery and HUAWEI Themes are pre-installed on all the latest Huawei and Honor devices.
“South African consumers are increasingly wanting more apps that are relevant to their unique circumstances, addressing issues they experience regularly – such as load shedding or safety concerns – but also apps that celebrate South Africa’s multitude of cultures and this vibrant country,” says Lu Geng, director of Huawei Consumer Cloud Service Southern Africa Region.
Akhram Mohamed, chief technology officer of Huawei Consumer Business Group South Africa, says: “Huawei is committed to catering to the needs of South African consumers, but we also know that we do not have all the answers. For this reason, we aim to work closely with South African developers so that we can give our users everything that they need and want from their devices. At the same time, we also hope to create an open ecosystem for local developers by offering a simple and secure environment for them to upload content.”
Huawei Mobile Services was launched in South Africa in June last year. Since then, both the HUAWEI AppGallery and HUAWEI Themes – which features tens of thousands of themes, fonts and wallpapers that personalise user’s handset – have become increasingly popular with the local market. Even though it is a relatively new division of Huawei, there has been a great increase in growth; at the end of 2018 Huawei Mobile Services had 500 million users globally, representing a 117% increase on the previous year.
Explaining what differentiates the HUAWEI AppGallery from other app stores, Mosa Matshediso Hlobelo, business developer for Consumer Cloud Service Southern Africa says: “We use the name ‘HUAWEI AppGallery’ because we have a dedicated team that curates all the apps in terms of relevance and ease of use and to ensure that there are no technical issues. Importantly, all apps are also security-checked for malware and privacy leaks before being uploaded on to the HUAWEI AppGallery.”
Huawei recently held a Developers’ Day where Huawei executives met with South African developers to discuss Huawei’s offering. 48 developers registered their apps on the day, and Huawei is currently in discussions with them with the eventual aim of featuring the best apps and designs on HUAWEI AppGallery or HUAWEI Themes. The Consumer Cloud Service Southern Africa Team at Huawei plans on making Developers’ Day a quarterly event and establishing a local providers’ hub, where developers can regularly meet with Huawei for training on updates to programmes and offerings.
“We have a very hands-on approach with our developers, and hope to expand that community so we can become an additional distribution channel for more developers and expose them to both a local and a global audience,” says Geng. “For example, we regularly feature apps and designs from local developers on our Huawei social media pages, and do competitions and promotions. We want to do everything we can to make our Huawei users aware of these local apps and upload them. This will encourage the growth of the developer community in South Africa by giving developers more opportunities to generate revenue from in-app purchases.”
* Developers who would like their apps featured on the HUAWEI App Gallery, or designs featured on HUAWEI Themes, should visit https://developer.huawei.com or email Huawei Mobile Services on firstname.lastname@example.org.