2018 Global Data Breach Report - the need for Cryptographic Security

in security •  6 years ago  (edited)

The total number of sensitive data records recorded in the first half of 2018 amounted to 4,553,172,708.

This is an increase of 133 percent compared to the first half of 2017.

Each year the number of records compromised per day, hour, minute and second exceeded the totals observed last year. It is noteworthy that these figures over doubled between 2017 and 2018.

Only 945 security incidents were reported in the first half of 2018. This is 18.7 percent less than the 1,162 infringements in the first half of 2017.

Of these incidents, there were only 21 data breaches where encryption was used in whole or in part for the data, that‘s less than half the total from 2017.

Records-per-breach is growing at an alarming rate.

The general rise in the volume of lost records is alarming enough (1H 2018’s figure is up 1,751 percent on 1H 2015) but what’s shocking is the average number of records per data breach incident.

2015: 245.9 million records of 999 incidents - 276,936 records per incident.
2016: 554.5 million records of 974 incidents - 569,255 records per incident.
2017: 2.6 billion records on 1765 incidents - 1.47 million records per incident.
2018: 4.5 billion records on 945 offenses - 4.8 million records per incident.
Breaches in the first half of 2018 were the absolute worst to date.

Most common breach

By source

No other source of data breaches approached malicious outsiders in the first half of 2018.

The number of outbound records from external attackers increased by over 1,000 percent to over 3.6 billion records breached.

This growth resisted the 38 percent decline in the total number of incidents of malicious outsiders to 530 events.

The number of files exposed to accidental loss decreased by 47 percent to less than 900 million, making it the second largest source of data loss for 2018 with 318 incidents.

Hacktivists compromised fewer records and were responsible for fewer incidents in H1 2018 with 23 incidents, an increase of 1,050 percent from 2017 totals.

The number of affected records rose from 70,000 to greater than 13 million.

Malicious insider incidents dropped 45 percent to just 61 while compromised records dropped 60 percent to just over 12 million.

By type

Identity theft was again the most common data breaches. It accounted for nearly 4 billion compromised records. About 87 percent of accounts were exposed in H1 2018 - a massive growth of 1,128 percent from 2017. The number of incidents decreased by over 25% down to 610.

Financial access violations increased their reach by over 13,000 percent with only 123 incidents - a decrease of 28 percent from the first half of 2017.
Account access had a more modest profit of 161 percent while the number of incidents rose 124 percent to 166.
Nuisance dropped by nearly 100 percent to 1,694,029 in 37 incidents - a loss rate that was nearly identical for existential data with only 11 records in 9 incidents.

By Industry

From an industry perspective, social media giants such as Twitter and Facebook were the largest number of compromised records and recorded the highest growth rate in the first half of 2018 - at 2.5 billion while retail and professional services also grew.

In some other industries, the number of injured accounts rose by over a 1000 percent - This is a massive increase over the previous year.

Other sectors recorded lower growth in the number of compromised data sets or security incidents. These included government, hospitality, technology, and insurance.

In the same reporting period, Healthcare recorded a decrease in both the number of security incidents and the number of injured records.

Organizations in the education, entertainment, financial services, and non-profit sectors - had breaches between 50 percent and 100 percent less in the first half of 2018.

Look at the “bigger data” security picture.

These are the companies that can use detailed information about you courtesy of Facebook, Google, or others for their own purposes.

You don’t have to look far.

Take a look at Exactis which contained detailed information about 340 million people in an unsecured online database including names, addresses, children and their ages - also information about pets, interests, and more.

Exactis did not collect this data itself.

There’s a good chance that your data is already compromised with exactly the same level of detail as in the Exactis database - especially if you’ve agreed to a Facebook app that uses your data. But even if you don’t, it could still be out there - thanks to a deliberate social media trait that allows people to agree to the data of their friends.

Real-world Cyber Warfare

October 4, 2018 - An alarming Bloomberg BusinessWeek report claiming that major American corporate giants were under the Chinese government’s surveillance via a minute chip implanted in US Hardware took the country by storm.

The companies directly confronted with the heat are Apple AAPL and Amazon AMZN. The data center equipment of these giants is at the center of the hack.

The report comes less than two weeks after Facebook FB reported a cyber attack on its system that has compromised more than 50 million accounts worldwide.

This isn’t the first attack on a major American technology company this year; Expedia ’s EXPE Orbitz and Under Armour’s UAA MyFitnessPal app faced cybersecurity threats as well. But the damage caused by a possible security breach by Chinese espionage chips in China hardware is nothing like scale and gravity.

The seriousness of the matter is reflected in the companies that formed the basis of the attack, suggesting that no technology giant is immune to cyber threats.

How does a Chinese Miniscule Spy Chip affect You?

American technology giants’ low-cost solution to manufacture and assemble equipment overseas has formulated a problem too big to counter right away.

The cost-effective global supply chain that helps Amazon and Apple fabricate and put their hardware together demands a closer look at the Chinese government’s snuck tiny spy chips into equipment processed in China.

Super Micro SMCI, a San Jose-based component provider that assembled equipment for Elemental, Amazon and Apple’s hardware supplier, had its equipment infiltrated with Chinese spy chips, the Bloomberg report cited.

Amazon, Apple, and Super Micro denied allegations made in the report, with Homeland Security saying,“ it has no reason to doubt” the statements issued by the concerned companies.

The problem of compromises in the supply chain, however, requires a step-by-step assessment of the entire chain from design through manufacturing to assembly.

Hardware hacks aren’t easy to detect unless the high-end equipment is put to use, therefore it makes more sense to pay heed to cybersecurity systems that can shield your data. A microchip can modify the core of the system in which it is embedded so that it can send and receive signals from a remote server, which can affect the data in the system.

Integrated protection is one of the few ways to protect your system from data breaches by the hardware used by cloud services such as Utimaco Cryptographic Modules and Key Management Systems like Cryptomathic KMS.

Protect your data from cyber attacks.

Encryption is one of the most effective ways to avoid potential data corruption. This prevents cybercriminals from gaining access to your server. - Whether they are employees practicing bad password practices, reckless mistakes that lead to adverse consequences, or foreign microchips embedded in hardware.

“Data breaches pose a serious threat to the privacy, finances and personal security of California consumers. The fight against these kinds of cybercrimes requires the use of innovative strategies by government and the private sector to protect our state’s consumers and businesses. I strongly encourage more use of encryption to significantly reduce the risk of data breaches.“ -California Attorney General Kamala Harris

Therefore, it is imperative to use encryption and other means of cybersecurity to secure your information, thus averting a data breach.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://breachlevelindex.com/

Congratulations @davidmcneal28! You received a personal award!

1 Year on Steemit

Click here to view your Board

Do not miss the last post from @steemitboard:

SteemWhales has officially moved to SteemitBoard Ranking
SteemitBoard - Witness Update

Support SteemitBoard's project! Vote for its witness and get one more award!