A breakdown of the 2017 Breach Level Index statistics:
- 7,125,940 compromised records every day
- 296,914 compromised records every hour
- 4,949 compromised records every minute
- 82 compromised records every second
Last year was a monumental year for data breaches. According to the new Breach Level Index (BLI), in 2017, the number of data records compromised in publicly disclosed data breaches surpassed 2.5 billion, up 88% from 2016. The only year in BLI’s history to surpass this total was 2013. But the world didn’t learn that until 2017 when Verizon Communications confirmed the exposure of all three billion Yahoo users’ accounts in a 2013 breach.
This delayed revelation raises the following question: why don’t companies know about or disclose breaches immediately? Some of you may remember Andy Warhol’s 1984 public service announcement – “It’s 10pm: Do you know where your children are?” This rings true for data protection – “It’s 2018: Do you know where your data is?” It’s impossible to protect something if you don’t know where it is or who has access to it.
In 2017, the number of breaches with an unknown number of compromised records rose to 56%, up 18% from 2016, indicating the possibility that many companies don’t know the real extent of a breach. The risk of a data breach goes beyond exposed sensitive information; data integrity attacks pose a growing threat to companies too. If hackers alter information concerning sales numbers or intellectual property, this data manipulation could have a devastating impact on the company’s business decisions.
The main trends from the 2017 report identified:
- Human error as a major risk management and security issue: Accidental loss, consisting of improper disposal of records, misconfigured databases and other unintended security issues, caused 1.9 billion records to be exposed, a dramatic 580% increase in the number of compromised records from 2016.
- Identity theft is still the number one type of data breach: Identity theft was 69% of all data breach incidents. Over 600 million records were impacted, resulting in a 73% increase from 2016.
- Internal threats are increasing: The number of malicious insider incidents decreased slightly. However, the number of records stolen increased to 30 million, a 117% increase from 2016.
- What a nuisance: The number of records breached in nuisance type attacks increased by 560% from 2016. The Breach Level Index defines a data breach as a nuisance when the compromised data includes basic information such as name, address and/or phone number. The larger ramification of this type of breach is often unknown, as hackers use this data to orchestrate other attacks.
- Which industries were hit the hardest: The industries with the highest number of data breach incidents were healthcare (27%), financial services (12%), education (11%) and government (11%). In terms of the number of records lost, stolen or compromised, the most targeted sectors were government (18%), financial services (9.1%) and technology (16%).
One of the most concerning data points is the number of encrypted records. Only 1% of the 2.6 billion records lost, stolen or compromised were encrypted, down from 3% in 2016. For many companies, encryption will no longer be a “best practice” but a necessity to support Europe’s General Data Protection Regulation (GDPR). This regulation goes into effect on May 25th of this year and considers “privacy as a fundamental human right and to protect it as such.” Any company dealing with the information of a European citizen will have to comply. In terms of the BLI, we will most likely see the number of publicly disclosed breaches increase with GDPR. This level of reform may also be a catalyst for many other countries to take action regarding the privacy of their citizens’ information. In the United States, a similar discussion is taking place between Congress and Facebook’s CEO, Mark Zuckerberg.
As for 2018, it has already started off with some major data breaches at Saks Fifth Avenue, Lord & Taylor and Under Armour’s MyFitnessPal app. With GDPR, highly publicized data breaches and growing consumer awareness of data privacy, 2018 may prove to be a catalyst year in cybersecurity.