The Dutch SIM card manufacturer Gemalto has released the latest survey report on the level of security violations. The results show that the total number of stolen, lost or leaked data worldwide reached 2.6 billion in 2017, an increase of 88% year-on-year. %. Although the number of data leakage incidents has decreased by 11% compared to 2016, 2017 has still been the year when the relevant records exceeded 2 billion for the first time since the 2013 data breach violation index survey.
In the past five years, the total number of data records stolen, lost or leaked was close to 10 billion, and the average speed of recorded data damage was about 5 million/day. In 1765 data breaches in 2017, identity theft was the most important type of data leakage, accounting for 69% of all data breaches. In all the violations, malicious intrusion became the number one cybersecurity threat, accounting for 72%.
In the past year, healthcare, financial services, and retail industry companies have become the main target of security violation activities. However, from the perspective of the success rate of the attack, the government and educational institutions have significantly weaker cyber risk resilience, accounting for 22% of all violations.
Based on the data leakage information collected in the violation index report, the key findings in 2017 include:
- Human error a major risk management and security issue: Accidental loss, consisting of improper disposal of records, misconfigured databases and other unintended security issues, caused 1.9 billion records to be exposed. A dramatic 580% increase in the number of compromised records from 2016.
- Identity theft is still the number one type of data breach: Identity theft was 69% of all data breach incidents. Over 600 million records were impacted resulting in a 73% increase from 2016.
- Internal threats are increasing: The number of malicious insider incidents decreased slightly. However, the amount of records stolen increased to 30 million, a 117% increase from 2016.
- What a nuisance: The number of records breached in nuisance type attacks increased by 560% from 2016. The Breach Level Index defines a data breach as a nuisance when the compromised data includes basic information such as name, address and/or phone number. The larger ramification of this type of breach is often unknown, as hackers use this data to orchestrate other attacks.
The violation index report defines the harassment disclosure and points out that the leakage data of such activities should include basic information such as the user’s name, residence address, and/or telephone number. Because hackers can use such data to support other attacks, the scale of such attacks continues to increase.
The number of identity theft data breaches accounted for 69% of all incidents in 2017. The second type of regular violation is the theft of financial data (16% of the total). The number of records of loss, theft, and destruction caused by harassment data leakage accounted for 61% of all leaked data, an increase of 560% over the same period of last year. Since 2016, account visits and other traditional types of violations have declined in both the number of incidents and the number of impact records.
In 2017, the industry with the most data leakage incidents was healthcare (27%), financial services (12%), education (11%) and government (11%).
Malicious external intruders have become the main source of data breaches, accounting for 72% of the total number of violations, but the number of leaked records they accounted for accounted for 23%. Although accidental loss caused only 18% of data violations, the resulting number of damaged records was as high as 76%—an increase of 580% compared to 2016. Malicious insiders caused 9% of all incidents of non-compliance, but the number of records of damaged or stolen records caused by this was a significant increase of 117% from 2016.