We are more than half way into 2015, with enough time now to assess the impact data breaches have had on organizations this year. The reports so far indicate a growth in targeted attacks, and continued attacks on the healthcare industry.
According to ITRC as of September 8th, there have been 541 breaches in the US affecting more than 140 million records in 2015, well on the way to overtaking the figures from 2014. Businesses and healthcare top the list for the highest number of data breaches, but the number of records exposed per breach is disproportionately higher in healthcare, where healthcare makes up 35% of breaches but 78% of breached records.
On a worldwide level, Gemalto notes that in the first 6 months of 2015, there were 888 data breaches affecting 246 million records. The figures represent a 10% increase in the number of breaches and a 41% reduction in the number of compromised records, attributed to fewer mega breaches, which were a big player in the retail industry in 2014. Of course, large breaches continue to happen, as we’ve seen with Anthem and the OPM; these two also represent the largest state-sponsored breaches of the year. It’s clear that some attacks are more targeted, looking for these big payouts; in healthcare, there was a 200% increase in the average size of data breach, with an average of 450,000 records per breach in 2015.
While malicious outsiders account for the most data breaches from both reports, this can give an unclear view of how to protect data. “Malicious outsiders” implies a brute force attack against a network, while the reality is much more complex. For example, a phishing attack or a lost device may expose a password, which is used to gain access to the network.
When reading reports like these, it’s important to remember that the best data protections involve a depth-of-defense or layered approach, one which encompasses education, policy and technologies to protect data from a wide variety of risk points. Absolute customers rely on us to provide them with a unique and trusted layer of security so they can manage mobility while remaining firmly in control. By providing them with a persistent connection to all of their devices, our customers can secure endpoints, assess risk, and respond appropriately to security incidents. Learn more at Absolute.com