Dubai
Data breaches in the Middle East are up by 16.67 per cent to 21 in 2016 compared to 18 in2015 and 45.2 million data records were compromised compared to 38.5 million a year ago.
According to Gemalto’s Breach Level Index report, 1,792 data breaches worldwide led to almost 1.4 billion data records compromised worldwide during 2016, an increase of 86 per cent compared to 2015.
Identity theft was the leading type of data breach in 2016, accounting for 59 per cent of all data breaches.
In addition, 52 per cent per cent of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported.
Sebastien Pavie, regional director for MEA, Identity and Data Protection at Gemalto, said that the number of breaches worldwide was actually down four per cent from 1,866 the year before, but still significant and damaging when you consider that almost 1.4 billion data records were lost or stolen in 2016 compared with 740 million in 2015.
He said that more than seven billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches.
“It highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets,” he said.
Clearly, fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large data bases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid, he said.
In 2016, globally, he said that identity theft was the leading type of data breach, accounting for 59 per cent of all data breaches, up by 5 per cent from 2015. The second most prevalent type of breach in 2016 is account access based breaches.
While the number of this type of data breach decreased by 3 per cent, it made up 54 per cent of all breached records, which is an increase of 336 per cent from the previous year. This highlights the “cybercriminal trend” from financial information attacks to bigger databases with large volumes of personally identifiable information.
“Another notable data point is the nuisance category with an increase of 102 per cent accounting for 18 per cent of all breached records up 1474 per cent since 2015,” he said.
According to the report, malicious outsiders were the leading source of data breaches worldwide, accounting for 68 per cent of breaches, up from 13 per cent in 2015. The number of records breached in malicious outsider attacks increased by 286 per cent from 2015. Hacktivist data breaches also increased in 2016 by 31 per cent, but only account for 3 per cent of all breaches that occurred last year.
Across industries, Pavie said that the technology sector globally had the largest increase in data breaches in 2016. Breaches rose 55 per cent, but only accounted for 11 per cent of all breaches last year. Almost 80 per cent of the breaches in this sector were account access and identity theft related. They also represented 28 per cent of compromised records in 2016, an increase of 278 per cent from 2015.
Last year, he said that 4.2 per cent of the total number of breach incidents involved data that had been encrypted in part or in full, compared to four per cent in 2015. In some of these instances, the password was encrypted, but other information was left unencrypted. However of the almost 1.4 billion records compromised, lost or stolen in 2016, only 6 per cent were encrypted partially or in full (compared to 2 per cent in 2015).
“Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations. Encryption and authentication are no longer ‘best practices’ but necessities. This is especially true with new and updated government mandates like the upcoming General Data Protection Regulation (GDPR) in Europe, US state-based and APAC country-based breach disclosure laws,” Pavie said.
However, he said that it’s also about protecting your business’ data integrity so the right decisions can be made on, your reputation and your profits.