I have been focusing recently on payments security and cyber security and, lo and behold, today Gemalto released the findings of the 2014 Breach Level Index. Gemalto have gathered information from various public sources to form a Breach Level Index (BLI, originally developed by SafeNet). It is a fascinating index, and well worth a look. The interactive Breach Database enables you to drill down and view data breaches by Organisation, Country, Industry, Source, Type and Date. The BLI findings provide an insight into the threats, where they are happening, the motivation for the data breaches and the intended goals. This post will focus on the findings from the 2014 Breach Level Index Report. The following are my top 8 things worth knowing…
1. Data Breaches, 2014 – The Headline
Over 1 BILLION data records were compromised in 2014. Compared with 2013, this resulted in a:
- 49% increase in data breaches…
- 78% increase in data records that were either stolen or lost…
2. Data Breaches, 2014 – The Motivation
The Breach Level Index reveals that the main purpose of cyber crime in 2014 was identity theft: 54% of all data breaches were motivated by identity theft. By this we are referring to the theft of names, addresses and social security details. In 2013, the main purpose for data breaches was to obtain financial information such as credit card numbers.
3. Data Breaches, 2014 – By Region
Data breach incidents in 2014 were apportioned as follows:
- North America: 76%
- Europe: 12%
- Asia / Pacific: 8%
- Middle East / Africa: <3%
- Latin America: <1%
It will be interesting to see the changes in data breaches in the Middle East, Africa and Latin America – based on the increasing digitalisation of these economies I am sure we will see significant jumps in data and security breaches in these locations.
4. Data Breaches, 2014 – Data Records Stolen by Industry
- Retail: 55%
- Financial: 20%
- Technology: 9%
- Education: 5%
- Government: 5%
- Other: 3%
- Healthcare: 3%
5. Data Breaches, 2014 – Number of Incidents by Industry
- Healthcare: 25%
- Government: 17%
- Financial: 12%
- Retail: 11%
- Education: 10%
- Technology: 9%
6. Data Breaches, 2014 – The Offenders
- Malicious outsiders: 55%
- Accidental loss: 25% <– Can you believe that!!!
- Malicious insider: 15% <– This, plus the above statistic, clearly shows that YOU can significantly control a large portion of data breaches
- State sponsored: 4%
- Hacktivist: The rest…
7. Data Breaches, 2014 – By Type
- Identity theft: 54%
- Financial access: 17%
- Account access: 11%
- Nuisance: 10%
- Existential data: 8%
8. Data Breaches, 2014 – When will YOUR breach happen?
It is widely reported now that corporates should plan what to do in the event of a security or data breach. The focus has moved from prevention to damage limitation. Gemalto describe the need for a mind shift from “breach prevention to breach acceptance”, and go on to describe 3 steps that companies should adopt:
- Control user access & ensure the authenticity of users
- The need to encrypt all sensitive and business critical data
- The effective management and storage of all encryption keys
Knowledge is Power
The above statistics reveal that the threat is real. The Gemalto report goes further and shows that the threat is increasing. It is interesting to note that even though there were relatively few Retail sector incidents, they resulted in the highest number of overall data records being stolen. You could argue that these Retail incidents were also the most high profile, and as such resulted in reputational damage to the impacted companies. For organisations, institutions and corporations, the Gemalto BLI findings are compelling – YOU must take note and assess your security. The Gemalto report can help guide your security strategy, and if you don’t have one, maybe it’s time you do…
I’d love to hear your comments about the BLI and this post below….