a global leader in data protection solutions, today released the highlights from its SafeNet Breach Level Index (BLI)
for the second quarter of 2014. Between April and June of this year,
there were a total of 237 breaches that compromised more than 175
million customer records of personal and financial information
worldwide.
For the first half of 2014, more than 375 million customer
records were stolen or lost as a result of 559 breaches worldwide. The
retail industry had more data records compromised than any other
industry during the second quarter, with more than145 million records
stolen or lost, or 83 per cent of all data records breached. Less than
one per cent of all 237 breaches during the second quarter were secure
breaches where strong encryption or authentication solutions protected
the data from being used.
SafeNet also announced the results of a global survey of
more than 4,500 adult consumers in which nearly 40 per cent of
respondents said they would never, or were very unlikely to, shop or do
business again with a company that had experienced a data breach. This
sentiment increased to 65 per cent if the data breach involved
customers’ financial and sensitive information.
Q2 Highlights
The Breach Level Index provides details
about hundreds of individual data breaches, which can be sorted by
source, industry, risk level, and date. Highlights from the second
quarter include:
- In each of the last four consecutive quarters, there has been one major data breach in which more than 100 million records were exposed.
- 175,655,228 records were stolen in the second quarter. This equates to 1,951,724 records stolen per day; 81,321 stolen per hour; and 1,355 records stolen every second.
- Malicious outsiders are targeting businesses’ most critical records. They are responsible for compromising 99 per cent of the records and 56 per cent of the incidents this quarter, more than any other source.
- Healthcare incurred 23 per cent of incidents, more than any other industry, but only accounted for 782,732 records lost or less than 1 per cent of all records stolen during the quarter.
- Identity theft was the leading cause of breaches with 58 per cent of all incidents and 88 per cent of records stolen.
- Encryption was used in only 10 of the 237 reported data breach incidents. Of those, only two could be classified as secure breaches in which encryption restricted the access of stolen data.
- The U.S. accounted for 85 per cent of records compromised worldwide and 74 per cent of all reported incidents, more than any other country. Germany followed with 10 per cent of all records stolen.
- Three of the top five breaches were based in the U.S., with the other two breaches occurring in Europe.
- Government was the second least secure sector after retail, accounting for 11 per cent of all records that were lost or stolen. The Department of Veterans Affairs incurred the most breaches, having been hacked during each quarter of 2014.
- Financial services breaches decreased significantly from the first quarter, down from 56 per cent to less than one per cent of records stolen in the second quarter.
“Even amidst continued warnings about
data security, the breach epidemic is trending in the wrong direction.
2014 has proven to be more of the same, with 379 million customer
records stolen in the first six months alone,” said Jason Hart, VP Cloud
Solutions at SafeNet. “While it’s not surprising that sophisticated
cybercriminals are gaining access to critical data stores, what is
surprising is that only one per cent of breached records had been
encrypted. The benefits of encryption have been known for some time, but
companies just aren’t doing it. It’s the security industry’s equivalent
of flossing your teeth. Everyone knows it’s good for you and the
technology is proven, but only a small percentage of companies do it
well.”
The BLI provides a centralised, global
database of data breaches and calculates their severity based on
multiple dimensions, including the type of data and the number of
records stolen, the source of the breach, and whether or not the data
was encrypted. By assigning a severity score to each breach, the BLI
provides a comparative list of breaches, distinguishing nuisances from
truly impactful mega breaches. Information populating the BLI database
is based on publicly available breach disclosure information.
SafeNet first collaborated with industry analyst firm IT-Harvest in
2013 to develop the logarithmic formula used to determine breach
severity. When calculating the severity of data breaches, the BLI
factors in multiple inputs, including data type, number of records
stolen, breach source, and if the high-value data remained secure after
the breach was discovered. These inputs are then processed through a
proprietary algorithm that produces an index number, with one (1) being
least severe and 10 being most severe.
Resources
- Breach Level Index Executive Summary: http://breachlevelindex.com/pdf/Breach-Level-Index-Report-Q22014.pdf
- Breach Level Index website: www.breachlevelindex.com
- Secure the Breach website: www.securethebreach.com
- Secure the Breach Manifesto: www2.safenet-inc.com/securethebreach/downloads/secure_the_breach_manifesto.pdf
- Customer Sentiment Survey Summary http://www2.safenet-inc.com/email/2014/dp/GlobalCustomerSentiment/index.html
No comments:
Post a Comment