More data records lost or stolen in the first half of 2017 than all of 2016
According to the latest Breach Level Index, 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017. Compared to the last six months of 2016, the number of lost, stolen or compromised records increased by a staggering 164%.
Less than 1% of the stolen, lost or compromised records were encrypted (to render the information useless to thieves).
Malicious outsiders caused the largest percentage of data breaches at 74%, an increase of 23%.
For the first six months of 2017, identity theft was the leading type of data breach in terms of the number of incidents, accounting for 74% of all data breaches, up from 49% during the previous six months. The number of records compromised in identity theft breaches increased by 255%.
Most of the industries the Breach Level Index tracks had more than a 100% increase in the number of compromised, stolen or lost records compared to the prior six months.
Using data from the BLI, IT consultant CGI, along with Oxford Economics, put a number on the cost of a data breach, finding that two-thirds of firms breached had their share price negatively impacted.
The BLI is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. With public breaches tracked since 2013, over the past 5 years, 9 billion records have been lost stolen or compromised, more data than the world’s population.
Whatever emotion those numbers raise in you – terror, shame, despair – the intent is not to make you feel bad, but to raise awareness. We are still at the beginning of the digital era and companies and governments alike are working to catch up with the pace of a digital world.
At the company level, companies can protect themselves by adopting a data-centric view of digital threats. This means moving data security controls closer to the data itself and to the users accessing the information, using data encryption, secure key management, and multi-factor authentication services.
At the government level, it means putting regulations in place that have some teeth in them. In the US, there have been data breach disclosure statutes dating back roughly to 2002, but according to the BLI, North America still makes up most of all breaches and compromised records – both above 86%. Disclosure is important but requiring action based on it is imperative. The European General Data Protection (GDPR) initiative, set to go into effect in May 2018, is a step in the right direction. Businesses will potentially face a fine of four percent of their global revenues if they fail to adequately protect and secure the information of consumers they have on file.
Security and privacy
On a personal level, it is important to learn the basics and understand the difference between data security and data privacy. NCSAM has several useful tools and tips. The current data breach epidemic feeds off our own consumer apathy as well as flawed rules that don’t make companies feel the pain. Only working together–consumers, government and industry–will change things.
IDG News Service