So far, the data leak picture emerging in 2016 does not look comforting. According to the recently published results of the global data breach severity index (Breach Level Index, BLI), 974 serious data leaks were publicly recorded in the first half of 2016, as a result of which 554 million data records were stolen or lost. And however bad these statistics may seem, the sad truth is that this is just the tip of the iceberg.

Statistics of data leaks in the first half of 2016:
- 3.04 million data records are compromised every day
- 126,936 data records are compromised every hour
- 2,116 data records are compromised every minute
- 35 data records are compromised every second
Compared to the previous six months, the situation has worsened: in the first half of 2016, the number of compromised data records was 31% more than in the second half of 2015, when 424 million data records were stolen or lost.
Unrecorded Data Loss Damage
The Breach Level Index takes into account only publicly recorded data leaks, so the total of 974 data leaks for the first half of 2016 is reliable information.
Unfortunately, many organizations in which data leaks were recorded from January to June 2016 either do not yet have complete information on the total number of compromised data records, or have not yet informed the regulators or the general public about the leaks.
Moreover, in 52% of all leaks recorded in the first half of 2016, we do not have the exact number of compromised data records.
This means that the number of compromised data records known to date, 554,454,942, holds only in the most favorable scenario, and this number will most likely increase significantly as more information becomes available.
The most common targets and sources of leaks in 2016
Here is what would seem to be a simple cybersecurity question: what type of data is compromised most often? If you are not familiar with the results of previous editions of the Breach Level Index, you will most likely say financial data. However, that is not the case.
Personal data theft accounted for 64% of all data breaches recorded in the first half of 2016, or 621 incidents, which resulted in more than 294 million data records being stolen (53% of all stolen or lost data records).
For comparison, leaks in which attackers gained access to financial data accounted for only 16% of all data leaks in the first six months of 2016, and leaks in which account data was stolen accounted for only 11.1% of all data leaks.
“Existential” data breaches (those involving data that represents critical company assets, such as intellectual property) and nuisance attacks (minor attacks in which only user names and their connections were compromised) made up the remaining 5% and 4% of all cybersecurity incidents, respectively.
Since 2013, when data on IT security incidents began to be published in the Breach Level Index, theft of personal data has remained the most common type of leak. And the share of these leaks in the overall structure continues to grow.
Comparing the results of the first half of 2016 with the second half of 2015, we can see that the prevalence of leaks associated with the theft of personal data increased by 38%.

Are hackers to blame?
Given that the theft of personal data is the most common type of leak, it’s not surprising that 69% of the leaks in the first half of 2016 were caused by outsiders. This is 58% more than in 2015.
In the first half of 2016, hacktivists accounted for only 3% of all attacks, and attacks commissioned by governments for 1%. However, if you add these shares to the attacks by third-party intruders, it turns out that as many as 73% of all IT security incidents came from outside the attacked companies.
However, this does not mean that IT managers worry in vain about the threats emanating from inside the company. In the total number of incidents, 18% and 9% were due, respectively, to unintended and deliberate actions by employees of the companies themselves.
Despite the very considerable number of accidental data leaks, it is important to note that their number actually decreased by 14% compared to the second half of 2015. Perhaps this is because the measures taken to ensure security within companies are starting to take effect.
Data leaks in public institutions
If we break down the data leaks of 2016 by industry, the government sector was the most affected. As a result of 137 leaks (or 14% of all leaks in the first half of the year), 318 million data records stored in government agencies or other public institutions were lost or stolen, which constitutes 57% of all data records compromised in the first half of the year.
In other words, while data leaks in the public sector occur less frequently than in other industries, these incidents can give cybercriminals access to huge amounts of data.
These 318 million data records almost match the number of stolen / lost data records in the public sector in 2015, when it accounted for 43% of all compromised data records. Both then and now, the public sector accounts for the largest share of all compromised records.
More than 302 million data records were compromised in just three leaks, all of which were related to the conduct of elections.
In two separate incidents, attackers gained unauthorized access to databases containing information about voters in the US and Mexico, and in the third incident, the local hacker group Anonymous Philippines hacked the website of the Philippine Election Commission just one month before the third automated elections.
Data leaks in the healthcare industry in 2016
Although government institutions hold the unenviable lead in the number of stolen / lost data records, the largest number of data breaches in the first half of 2016 was recorded in the health care industry: 263 incidents, which is 27% of all data leaks.
While the public sector has the largest number of compromised records per leak, health sector organizations have the largest number of leaks, yet the number of compromised data records here is only 30,017,528, or 5% of the total number of compromised records.
But why is the number of stolen data records so small here, even though the health sector has the largest number of leaks?
Perhaps the fact is that, although the leaks occurred in a large number of organizations, each of them contained only relatively small amounts of data that were stolen by hackers. If you have your own thoughts on this, share them in the comments.
While in the public sector we saw 150 million records compromised in the leak of a database of American voters, in the largest leak in the healthcare industry in the first half of 2016 (by the number of compromised records) “only” 10 million data records were lost.
In particular, we are talking about an attack on the servers serving Turkish hospitals, which was carried out by a member of the Anonymous group in order to steal patients' medical data, as well as the personal data of the medical staff. It is believed that this incident was meant as an act of retaliation for cyber attacks on American hospitals, which were presumably undertaken by Turkish hackers.
Although tens of millions of compromised records are, of course, still better than hundreds of millions, it is unlikely that any organization would want to find itself in such a situation.

Data leaks at retailers in 2016
Retailers accounted for 102 leaks and 16.3 million compromised data records. At first glance, there is nothing outstanding in these figures, but statistics regarding the sources of these leaks attract attention.
In 27% of all retail incidents, attackers used skimmers installed at gas stations to obtain credit card details of car owners. This is confirmed by reports from local law enforcement agencies, which indicate a growing number of fraudulent transactions emanating from gas stations. All this is rather sad, but quite predictable, because gas stations are still easy prey for scammers.
While international payment networks such as Visa and MasterCard already require other retailers to support chip-based EMV cards, the deadline for gas stations has been extended until October 2017 because of the high cost and complexity of upgrading gas station payment terminals.
Data leakage in other industries
Financial data leaks:
- 12% of the total number of leaks (118 incidents)
- 2% of the total number of compromised data (12,320,624 records)
- Largest leak: Mossack Fonseca; 11.5 million data records compromised
Data leaks in education:
- 11% of the total number of leaks (102 incidents)
- 1% of the total number of compromised data (3,153,818 records)
- Largest leak: Indian Institute of Management in Ahmedabad (IIM-A); 2 million data records compromised
Data leaks in technology companies:
- 9% of the total number of leaks (90 incidents)
- 16% of the total number of compromised data (88,586,561 records)
- Largest leak: Verticalscope; 45 million data records compromised
Leaks in other industries:
- 16% of the total number of leaks (159 incidents)
- 16% of the total number of compromised data (85,830,644 records)
- Largest leak: Fling.com; 40 million data records compromised
Where exactly did all these leaks occur?
Mostly in North America, and especially in the USA.
Of the 974 incidents recorded worldwide in the first half of 2016, 728 occurred in the United States. Compared with the rest of the world, the United States recorded 1193% more incidents than the UK (61 leaks), which is second in the ranking.
However, it is important to note that legislation on the disclosure of data leaks can differ greatly from region to region, so we are somewhat skeptical about such a large gap between the USA and the rest of the world.
In this regard, it will be interesting to see whether the adoption of the General Data Protection Regulation (GDPR) in the European Union will lead to an increase in the number of European companies disclosing information about data leaks and, accordingly, to an increase in disclosed leaks in this region.
Summary statistics
Incidents for the first half of 2016:
- In total, 554 million data records were stolen or lost in the first half of 2016.
- Personal data theft was the most common form of data leakage.
- The largest number of leaks was again due to the actions of outsiders.
- The number of stolen / lost data records was dominated by organizations and institutions of the public sector.
- The largest number of data leaks was recorded in organizations of the health care industry.
- The largest number of incidents was recorded in the United States.
Of course, in this material we have covered far from everything that should be known about the state of cyber security, how data leaks affect different industries and regions, and what changes are needed to effectively counter the growing number of incidents in future and prevent further deterioration of the situation.
For more information, visit the Breachlevelindex.com website, where historical information is collected and current data on leaks is presented, and follow our blog.