Security firm Gemalto released a report on 2014 data breaches recently and the news was not good.

In its latest Breach Level Index report, the company revealed that one billion records were compromised last year in more than 1,500 data breaches worldwide. Compared to 2013, those numbers are an increase of nearly 80 percent in terms of data records and more than 40 percent in terms of breaches overall.

Gemalto’s Breach Level Index calculates the severity of data breaches across multiple dimensions based on breach disclosure information. Among the notable attacks included in the report are the Home Depot breach, the attack on JP Morgan Chase and the attack on eBay. 

“Easily at the top of the list in terms of the number of breaches was North America with 1,164 breaches, accounting for about three quarters of all breaches (76%),” according to the report. “Those attacks involved more than 390 million records, or 38% of the total.”

According to the data in the BLI, the main motive for cyber-criminals in 2014 was identity theft. Fifty-four percent of all data breaches were identity-theft related – more than any other category, including access to financial data. In addition, identity theft breaches accounted for one-third of the most serious incidents. Incidents where the compromised data was encrypted in part or in full increased from one percent to four percent.

“We’re clearly seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number,” said Tsion Gonen, vice president of strategy for identity and data protection at Gemalto, in a statement. “Identity theft could lead to the opening of new fraudulent credit accounts, creating false identities for criminal enterprises, or a host of other serious crimes. As data breaches become more personal, we’re starting to see that the universe of risk exposure for the average person is expanding.” 

Broken down by industry, retail and financial services experienced the most activity compared to other sectors. Retail companies saw an increase in data breaches compared to 2013, and accounted for 11 percent of all breaches in 2014, according to the report. However, in terms of data records compromised, the percentage of retail records jumped drastically, from 29 percent to 55 percent. This was due in large part to attacks on point-of-sale systems, according to the report. 

In the case of the financial sector, the number of breaches remained relatively unchanged, though the average number of records lost per breach increased ten-fold. Overall, the number of data breaches involving more than 100 million compromised data records doubled compared to 2013. Most of the time, the malicious activity was traced to an outsider (55 percent), though 25 percent of incidents were tied to accidental loss. Fifteen percent were linked to a malicious insider. 

“Not only are data breach numbers rising, but the breaches are becoming more severe,” said Gonen. “Being breached is not a question of ‘if’ but ‘when.’  Breach prevention and threat monitoring can only go so far and do not always keep the cyber criminals out. Companies need to adopt a data-centric view of digital threats starting with better identity and access control techniques such as multi-factor authentication and the use of encryption and key management to secure sensitive data. That way, if the data is stolen it is useless to the thieves.” 

The full report can be read here.

Tags:

• NEWS & INDUSTRY
• Cybercrime

Analyst firm Gartner is predicting that by 2017, the focus of endpoint security breaches will shift to mobile devices such as tablets and smartphones.

With nearly 2.2 billion smartphones and tablets expected to be sold in 2014, Gartner believes attackers will continue to pay more attention to mobile devices. By 2017, 75 percent of mobile security breaches will be the result of mobile application misconfigurations, analysts said.

“Mobile security breaches are — and will continue to be — the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices,” said Dionisio Zumerle, principal research analyst at Gartner, in a statement. “A classic example of misconfiguration is the misuse of personal cloud services through apps residing on smartphones and tablets. When used to convey enterprise data, these apps lead to data leaks that the organization remains unaware of for the majority of devices.”

Doing significant damage in the world of mobile devices requires that malware be launched on devices that have been altered at the administrative level, Zumerle argued. While jailbreaking or rooting phones allows users to access device resources that are not normally accessible, they also put data in danger because they remove app-specific protections as well as the safe ‘sandbox’ provided by the operating system, he said, adding that they can also allow malware to be downloaded to the device and enable malicious actions.

“The most obvious platform compromises of this nature are ‘jailbreaking’ on iOS or ‘rooting’ on Android devices. They escalate the user’s privileges on the device, effectively turning a user into an administrator,” he said.

Gartner recommends organizations protect mobile devices using a mobile device management policy as well as app shielding and containers that protect important data. In addition, passcodes should be used alongside timeout standards and a limited number of retries. Jailbreaking or rooting devices should not be allowed.

“We also recommend that they favor mobile app reputation services and establish external malware control on content before it is delivered to the mobile device,” Zumerle said.

Tags:

• Mobile Security
• NEWS & INDUSTRY