Nearly 200 million records—or 93,000 records per hour—were stolen between January and March of 2014, an increase of 233 percent over the same quarter last year, according to the recently released SafeNet Breach Level Index.
If there was any doubt that companies are not doing enough to protect their information assets, the BLI results show that among the 254 breaches that occurred in that time period, a mere one percent were considered "secure breaches," in other words, those in which data was protected by strong encryption key management or authentication.
Safenet's BLI gathers publicly available information on data breaches in a centralized, global database, then figures their severity using a number of factors, including data type, breach source, whether encryption was employed and number of records stolen. Safenet noted that 46 percent of the data breaches reported didn't not include information on the number of records lost or stolen.
South Korea suffered four out of the top five breaches, with three breaches attributed to identity theft and one to account access. Those breaches were rated 10, 9.4, 9.3 and 9.3 on the BLI scale, with a total of 158 million records stolen. Germany rounded out the top five with a breach that Safenet rated 9.1, which affected 16 million records.
“Four of the top five breaches occurred in South Korea, and that was a bit of a surprise," Tsion Gonen, Chief Strategy Officer, SafeNet, told SCMagazine.com in an email correspondence. "In the past, the largest breaches that are reported have taken place in the U.S., so that obviously points to a trend we should watch for the rest of this year. Usually due to more stringent breach notification laws in the US, the country dominates the statistics.”
The research shows that malicious insiders accounted for more than half (52 percent) of the breaches while malicious outsiders made up 43 percent. In third place, credited with only four percent of breaches, were hacktivists.
Healthcare was the industry most hit during the quarter, with 24 percent of the breaches occurring in that sector. Government, financial and technology tied for second place with each accounting for 14 percent of the breaches—though the financial industry accounted for the most records stolen (55 percent) and the healthcare industry had more breaches but fewer records stolen. The retail and education sectors got hit with 10 percent and nine percent of the breaches, respectively.
Noting that an upward trajectory “is becoming a general trend of more frequent large-scale breaches,” Gonen contends that the attacks, like the one that hit Target, will continue “unless companies start changing their approach to data security.”
He cautioned that companies should assume that they are next in line for an attack and “should start to even out the attention they pay between trying to ‘prevent' breaches and trying to secure them.”
To better defend themselves they shouldn't rely on walling off data, he added.
“History has shown us that perimeter defenses, whether they are stone walls or firewalls, will be breached,” Gonen said. “Companies also need to attach security directly to the data itself using technology like strong encryption and user authentication. That way, only those who have access to the data can get it, and if the data is stolen it is useless to thieves.”