Data breach: Up against the (fire)wall

Picture for illustrative purposes

Data breach has been a prime concern of businesses and with an increase in attacks companies need to be more alert and deploy effective measures against the menace.
The Middle East region has recorded a spurt in data breaches by 16.67 per cent, according to the latest research by Gemalto in its 2016 Breach Level Index, or BLI. Additionally, 45.2 million data records were compromised compared to 38.5 million in 2015, across the region during the same period. Globally, 1.4 billion data records were compromised in 2016 as hackers targeted large-scale databases across industries.
The BLI is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and if the data was encrypted. Last year 4.2 per cent of the total number of breach incidents involved data that had been encrypted in part or in full, compared to four per cent in 2015. In some of these instances, the password was encrypted, but other information was left unencrypted. However of the almost 1.4 billion records compromised, lost or stolen in 2016, only six per cent were encrypted partially or in full (compared to two per cent in 2015).

According to the BLI, more than seven billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches. Breaking it down that is over three million records compromised every day or roughly 44 records every second.
Worldwide, 1,792 data breaches led to almost 1.4 billion data records compromised worldwide during 2016, an increase of 86 per cent compared to 2015. Identity theft was the leading type of data breach in 2016, accounting for 59 per cent of all data breaches.
"Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations. Encryption and authentication are no longer 'best practices' but necessities. This is especially true with new and updated government mandates like the upcoming General Data Protection Regulation (GDPR) in Europe, US state-based and APAC country-based breach disclosure laws. However, it's also about protecting your business's data integrity so the right decisions can be made on your reputation and your profits," said Sebastien Pavie, regional director, MEA, Identity and Data Protection, Gemalto.
The healthcare industry accounted for 28 per cent of global data breaches, rising 11 per cent compared to 2015. However, the number of compromised data records in healthcare decreased by 75per cent since 2015. Education saw a five per cent decrease in data breaches between 2015 and 2016 and a drop of 78 per cent in compromised data records. Government accounted for 15per cent of all data breaches in 2016. However the number of compromised data records increased 27 per cent from 2015. Financial services companies accounted for 12 per cent of all data breaches, a 23 per cent decline compared to the previous year.
All industries listed in the other category represented 13 per cent of data breaches and 36 per cent of compromised data records. In this category, the overall number of data breaches decreased by 29 per cent, while the number of compromised records jumped by 300 per cent since 2015. Social media and entertainment industry related data breaches made up the majority.
Scott Manson, Cyber Security Leader for Middle East and Turkey, Cisco, said: "We found that 80 per cent of data breaches originate from third parties. To reduce risk, organisations must foster a value chain where trust is not implicit and security is everyone's responsibility. As a foundational step toward achieving this goal, organisations should: Identify the key players in their third-party ecosystem and understand what those third parties deliver; develop a flexible security architecture that can be shared with and deployed across the variety of third parties in that ecosystem; assess whether those third parties are operating within the tolerance levels set by the organisation's security architecture and be alert to new security risks that the ecosystem may present as digitisation increases."
In 2016, globally, identity theft was the leading type of data breach, accounting for 59 per cent of all data breaches, up by five per cent from 2015. The second most prevalent type of breach in 2016 is account access based breaches. While the number of this type of data breach decreased by three per cent, it made up 54 per cent of all breached records, which is an increase of 336 per cent from the previous year. This highlights the cybercriminal trend from financial information attacks to bigger databases with large volumes of personally identifiable information. Another notable data point is the nuisance category with an increase of 102 per cent accounting for 18 per cent of all breached records up 1,474 per cent since 2015.
"The BLI highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large data bases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid, said Pavie.
Mimecast MEA has discovered that more than 91 per cent of cyberattacks start with email. The company advises that it is essential that business have a multi-layered cyber resilience strategy that includes advanced security solutions to protect them from targeted threats in the form of malicious URLs, attachments and malicious insiders within businesses. It is equally as important that organisations educate their employees on how to interrogate their emails and essentially build a human firewall to ward off the evolving cyber threats that are affecting every business in the world.
Malicious outsiders were the leading source of data breaches worldwide, accounting for 68 per cent of breaches, up from 13 per cent in 2015. The number of records breached in malicious outsider attacks increased by 286 per cent from 2015. Hacktivist data breaches also increased in 2016 by 31per cent, but only account for 3 per cent of all breaches that occurred last year, according to BLI.
Brandon Bekker, managing director, Mimecast MEA, said: "Top priority for any business in today's volatile threat landscape is to plan, develop and implement a cyber-resilience strategy. A cyber resilience strategy will ensure businesses are prepared in the event of a cyberattack/breach and have the required processes and technology in place to identify, protect, detect, respond, and recover from a cyberattack and/or data breach. Businesses should regularly test their cyber resilience strategy with mock exercises to ensure that they are ready in the event that they experience a cyberattack."
- sandhya@khaleejtimes.com