The latest findings of Gemalto’s Breach Level Index for the first six months of 2015, has found 888 data breaches, compromising 246 million records worldwide.
Compared to the first half of 2014, data breaches increased by 10 percent while the number of compromised data records declined by 41 percent during the first six months of this year. This decline in compromised records can most likely be attributed to that fact that fewer large scale mega breaches have occurred in the retail industry compared to the same period last year.
Despite the decrease in the number of compromised records, large data breaches continued to expose massive amounts of personal information and identities. Among the largest breach in the first half of 2015, which scored a 10 in terms of severity on the Breach Level Index, include identity theft attack on Anthem Insurance that exposed 78.8 million records, representing almost a third (32 percent) of the total data records stolen in the first six months of 2015; and a 21-million-record breach at the US Office of Personnel Management.
“What we’re continuing to see is a large ROI for hackers with sophisticated attacks that expose massive amounts data records. Cyber criminals are still getting away with big and very valuable data sets. For instance, the average healthcare data breach in the first half of 2015 netted more than 450,000 data records, which is an increase of 200 percent compared to the same time last year,” said Jason Hart, Vice President and Chief Technology Officer, Data Protection, Gemalto.
The number of state-sponsored attacks accounted for just two percent of data breach incidents, but the number of records compromised as a result of those attacks totalled 41 percent of all records exposed, due to the breaches at Anthem Insurance and the US Office of Personnel Management. While none of the top 10 breaches from first half of 2014 were caused by state-sponsored attacks, three of the top ten this year were state sponsored—including the top two.
At the same time, malicious outsiders were the leading source of data breaches in the first half of 2015, accounting for 546 or 62 percent of breaches, compared to 465 or 58 percent in the first half of last year. Forty-six percent or 116 million of the total compromised records were attributable to malicious outsiders, down from 71.8 percent or 298 million in 2014.
Identity theft remained the primary type of breach, accounting for 75 percent of all records compromised and slightly more than half (53 percent) of data breaches in the first half of 2015.
Across industries, the government and healthcare sectors accounted for about two-thirds of compromised data records (31 percent and 34 percent respectively), though healthcare only accounted for 21 percent of breaches this year, down from 29 percent compared to the same period last year.
The level of encryption used to protect exposed data – which can dramatically reduce the impact of data breaches – increased slightly to 4 percent of all breaches compared with one percent in H1 2014.
According to Forrester, as cybercriminals have become more skillful and sophisticated, they have eroded the effectiveness of traditional perimeter-based security controls. The constantly mutating threat landscape requires new defensive measures, one of which is the pervasive use of data encryption technologies. In the future, organisations will encrypt data — both in motion and at rest — by default. This data-centric approach to security is a much more effective way to keep up with determined cybercriminals. By encrypting, and thereby devaluing, sensitive data, organisations can make cybercriminals bypass their networks and look for less robustly protected targets. Encryption will become a strategic cornerstone for security and risk executives responsible for their organisation’s data security and privacy efforts.
For a full summary of data breach incidents for the first half of 2015 by industry, source, type and geographic region, download the 1H 2015 Breach Level Index Report.