A Blog by Jonathan Low

 

Feb 13, 2015

Hackers Reportedly Stole More Than 1 Billion Personal Data Records Last Year

A billion here, a billion there. It's a big number, but like most others it offers more of an insight when it's put in perspective.

That billion figure - a billion personal records stolen - represents a 78 percent increase over the previous year. That's a pretty big number itself. And assuming it's a trend rather than an anomaly, it means that the problem, which is to say the exposure, the risk and the liability for both consumers and the companies providing them with related services, is going to grow exponentially.

So, now that we have your attention...the question is, what can you do about it? If you're a private citizen, you can take some precautions, but the data also suggests that you probably won't. Not because you are lazy or a bad person or oblivious, but because your growing attachment to your smartphone, your mobility and your expanding use of them are based on one consideration: convenience.

You use the same password across all your devices and platforms because it's more convenient. You limit the complexity of technological gatekeeping safeguards because it's more convenient. You share personal data in return for access to programs, promotions and other incentives because it's more convenient. You...get the picture.

Business liability is another matter. Clearly, the status quo is failing. The economic incentives should be sufficient to change behavior, including increased investment in security, which also means proactive rather than passive protection. And if the economic incentives aren't enough, ask Amy Pascal, the now former leader of Sony Pictures Entertainment, what she thinks. You could ask a number of other former CEOs as well. Yes, your job may depend on getting this right. Fast. JL

Dell Cameron reports in The Daily Dot:

"We're seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number. Identity theft could lead to new fraudulent credit accounts, creating false identities for criminal enterprises, or other serious crimes."
Over a billion personal data records were compromised by hackers in 2014, a 78 percent increase from the previous year, according to a new report.
The latest findings of the Breach Level Index (BLI), published by digital security company Gemalto, reveal a 49 percent increase in data breaches overall. More than half of the 1,500 breaches measured were motivated by identity theft, overshadowing all other categories, including access to financial data.
The majority of data breaches, or 55 percent, occurred due to a “malicious outsider.” Accidental loss accounted for 25 percent, “malicious insiders” for 15 percent, state-sponsored hacks for 4 percent, and hacktivism for only 1 percent.
One-third of the most severe breaches were also motivated by identity theft, Gemalto reported.
Data records lost or stolen in 2014
"We're clearly seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number," said Tsion Gonen, Gemalto’s vice-president of strategy for identity and data protection.
“Identity theft could lead to the opening of new fraudulent credit accounts, creating false identities for criminal enterprises, or a host of other serious crimes,” he continued. “As data breaches become more personal, we're starting to see that the universe of risk exposure for the average person is expanding.”
According to Gemalto’s data, 76 percent of records stolen in 2014 originated from North America, with the majority of those originating from the United States. Europe came in second place at only 12 percent. Asia/Pacific, the Middle East and Africa, and Latin America followed sequentially.
Not only are security breaches becoming more frequent, but they are increasing in severity as well. It’s no longer a matter of "if," but "when," Gemalto said.
“Companies need to adopt a data-centric view of digital threats starting with better identity and access control techniques such as multi-factor authentication and the use of encryption and key management to secure sensitive data,” added Gonen. “That way, if the data is stolen it is useless to the thieves.”
A billion wasn’t a milestone necessarily difficult to achieve. On multiple occasions, hundreds of millions of records were compromised by a single attack. An attack on the e-commerce group Alibaba, for instance, led to over 300 million compromised records; over 100 million were captured in the attack on Home Depot; roughly 145 million from eBay; and so on.
It's a figure often difficult to imagine. To illustrate, if the records had been compromised at a rate of one per second, it would have taken the hackers approximately 30 years to achieve what they managed in 2014 alone.
Gemalto noted that only 4 percent of the attacks were secured breaches, which means attackers breached the perimeter security, but strong encryption or authentication solutions rendered the data useless.
The BLI report calculates data breaches based on disclosed information. The company notes that due to legal requirements, not all breaches are reported or publicly disclosed.
