Data breaches increased 15% in the first six months of 2016 compared to the last six months of 2015.
This is according to Gelmato's recent Breach Level Index which notes worldwide, there were 974 reported data breaches and more than 554 million compromised data records in the first half of 2016, compared to 844 data breaches and 424 million compromised data records in the previous six months.
In addition, 52% of the data breaches in the first half of this year did not disclose the number of compromised records at the time they were reported, says the index.
It says more than 4.8 billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches.
For the first six months of 2016, identity theft was the leading type of data breach, accounting for 64% of all data breaches, up from 53% in the previous six months, notes the index.
Malicious outsiders were the leading source of data breaches, accounting for 69% of breaches, up from 56% in the previous six months, it adds.
The increased targeting of individuals' identities and their personal information such as the data breaches involving government and healthcare organisations exposed just how valuable this information has become to cyber criminals, says Gelmato.
It notes while credit cards have built in security mechanisms that limit the exposure and risk for individuals if they are stolen, theft of personally identifiable information is something totally different as more damage can be done with stolen identities and they are also more difficult to recover.
In Africa, the number of data breaches tripled in the first six months of 2016 as compared to the last six months of 2015, says Neil Cosser, identity and data protection manager for Africa at Gemalto. Government accounted for 50% and financial institutions 25% of all breaches in Africa, notes Cosser.
In SA, the number of reported data breaches doubled in the first half of 2016, he adds.
"It's important to note that these relate to publically reported breaches only and, as such, figures could be even more alarming."
With government (57% of breaches) and financial institutions (14%) clearly being targeted, it's important for organisations to start thinking of a long-term solution to protect their data, like data encryption and not to focus purely on perimeter security."
The Norton Cybersecurity Insights Report, says over 8.8 million South Africans fell victim to cyber crime in the past year.
The two cyber crime experiences that were most prevalent, according to consumers in SA, were account and password compromises and credit/debit card fraud, says David Ribeiro, head of Norton, Middle East and Africa.
Jason Hart, vice president and chief technology officer for data protection at Gemalto, says over the past 12 months hackers have continued to go after both low-hanging fruit and unprotected sensitive personal data that can be used to steal identities.
"The theft of user names and account affiliation may be irritating for consumers, but the failure of organisations to protect sensitive personal information and identities is a growing problem that will have implications for consumer confidence in the digital services and companies they entrust with their personal data."
According to the index, while 2016 might not have had as many headline-grabbing data breaches as of yet, it certainly has seen a continuation of the large-scale assaults that have made cyber security a top priority for senior business executives and boards of directors at many companies.
And what makes the large-scale data breaches somewhat disconcerting is that they came despite the fact that so many enterprises are supposedly bolstering their defences in response to previous high-profile breaches, it adds.
"In this increasingly digital world, companies, organisations and governments are storing greater and greater amounts of data that has varying levels of sensitivity. At the same time, it is clear that data breaches are going to happen and that companies need to shift from a total reliance on breach prevention to strategies that help them secure the breach," says Hart.
That is why more focus needs to be understanding what really constitutes sensitive data, where it is stored, and using the best means to defend it, he adds.
"At the end of the day, the best way to protect data is to kill it. That means ensuring user credentials are secured with strong authentication and sensitive data is protected with encryption so it is useless to the thieves."
Share