So far this year, the level of social awareness around cybersecurity and data breaches has exploded causing more people sit up and take notice. Historically, the topic was covered predominantly by tech-centric publications but recently has received much more attention from mainstream media. Today’s announcement from the U.S Securities and Exchange Commission (SEC) that a 2016 hack is having ongoing implications today was front page news. Data breaches and hacks are most likely not going to fade away anytime soon.
Gemalto has been tracking the data breach phenomenon for years. Since 2013, over nine billion records have been lost, stolen or compromised. This week, we released our 2017 first half Breach Level Index findings. One of the main data breach trends is linked to poor internal security practices, whether it was improperly disposed of records, insecure databases or user error. The new edition features some thought-provoking research including a 13% increase in data breaches from the last half of 2016 and a 164% increase in stolen, lost or compromised records.
Another concerning trend is the proliferation of identity theft. Being a victim of identity theft can ruin someone’s life. They could have tens of thousands of dollars of unauthorized charges on their credit cards, money stolen from bank accounts, credit scores ruined, and the identity thief could even commit crimes in their victim’s name. According to the BLI, identity theft type breaches constituted about 74% of all incidents, a 49% increase in comparison to the last half of 2016.
The huge international data breach problem becomes palpable when you consider that Gemalto has discovered 1,901,866,611 compromised data records in just the first half of 2017. In fact, IDC predicts that by 2020, more than 1.5 billion people, or roughly a quarter of the world’s population, will be affected by data breaches. The United States has been continuously the world leader in data breach incidents. Of the 918 breaches, 801 of them occurred in the US. The UK places a distant second with 40 incidents, and Canada’s third with 26.
This is an area to watch as it will most likely explode when the European General Data Protection (GDPR) and Australia’s Privacy Amendment (Notifiable Data Breaches) Act is enforced in 2018. These major steps in protecting people’s digital data and privacy will have a big impact on how companies handle data protection and the consequences.
It has been a challenge to associate a monetary value to data breaches, many times unable to calculate the full extent of the repercussions. One study by IT consultant CGI and using data from the Breach Level Index Oxford Economics found two-thirds of firms breached had their share price negatively impacted, out of the 65 companies evaluated the breach cost shareholders over $52.40 billion. How did the first half of 2017 impact different industries?
The privacy of corporate and personal data is clearly at risk, it’s a matter all industries and individuals must take seriously. So what do we do? We continue to promote the philosophy and approach of a “Secure Breach.” This approach to cybersecurity knows hackers are resourceful and will find a way in. Cybersecurity starts with knowing a breach is inevitable and implementing technology to reduce the risk if and when a breach happens. Wider implementation of encryption and access measures are a few ways to reduce the impact of a breach. However, less than 5% of breaches involved encrypted data. Storing and transmitting plaintext is one of the poor internal security practices that is a factor in the surge of data breaches. Be sure to encrypt your sensitive data, both in storage and in transit and include multi-factor authentication to protect against unauthorized access.