Cybersecurity firm Gemalto said that as many as 3.24 million records were stolen, lost or exposed in India in 2017, this is 783% increase from 2016. Globally, in 2017, the publicly disclosed breaches surpassed more than two billion compromised data records. Citing an internal report, Gemalto said over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised globally every day.
Of the 29 data breach incidents in India in 2017, identity theft represented the leading type of data breach, accounting for 58% of all data breaches. Malicious outsiders remained the number one cybersecurity threat last year at 52% of all breach incidents. Companies in the retail, government and financial services sectors were the primary targets for breaches last year.
According to Gemalto, human error is a major risk management and security issue: Accidental loss, consisting of improper disposal of records, misconfigured databases and other unintended security issues, caused 3.7 million records to be exposed. Identity theft was 77% of all data breach incidents. Also, the number of records breached in nuisance type attacks which were not seen in 2016 have started to happen in 2017. Such attacks have compromised 200 million records this year. Gemalto's the Breach Level Index defines a data breach as a nuisance when the compromised data includes basic information such as name, address and/or phone number. The larger ramification of this type of breach is often unknown, as hackers use this data to orchestrate other attacks, said cybersecurity firm.
Also Read | World first biometric EMV card for contactless payments launched by Gemalto
“The manipulation of data or data integrity attacks pose an arguably more unknown threat for organizations to combat than simple data theft, as it can allow hackers to alter anything from sales numbers to intellectual property. By nature, data integrity breaches are often difficult to identify and in many cases, where this type of attack has occurred, we have yet to see the real impact,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.
“In the event that the confidentiality, or privacy, of the data is breached, an organization must have controls, such as encryption, key management and user access management, in place to ensure that integrity of the data isn't tampered with and it can still be trusted. Regardless of any concerns around manipulation, these controls would protect the data in situ and render it useless the moment it's stolen,” he added.
Also Read | Artificial Intelligence could be next big thing for cybersecurity: Here's why
Identity theft was the leading type of data breach, accounting for 77% of all incidents in 2017. The second most prevalent type of breach was access to government data (28%). The number of malicious outsiders increased the most for nuisance type of data breaches (488%) which constituted 98% of all compromised data.
In 2017, the industries that experienced the largest number of data breach incidents were government (28%), retail (21%), education (17%) and healthcare (7%). In terms of the amount of records lost, stolen or compromised, the most targeted sectors were government (62%) and technology (37%)
Malicious outsiders were the leading source of data breaches, accounting for 52%% of breaches, however making up 98.8% all compromised data. Malicious insider breaches were 14% of the total number of incidents, however this breach source experienced a dramatic increase (33%) in the number of compromised or stolen records from 2016.
Also Read | Cybersecurity is biggest barrier to fintech and banking sector partnerships in Asia Pacific: Fortinet
“Companies can mitigate the risks surrounding a breach through a ‘security by design' approach, building in security protocols and architecture at the beginning,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “This will be especially important, considering in 2018 new government regulations like Europe's General Data Protection Regulation (GDPR) and the Australian Privacy Act (APA) go into effect. These regulations require companies to adapt a new mindset towards security, protecting not only their sensitive data but the privacy of the customer data they store or manage.”
