Gemalto’s analysis of the so-called “Year of Breaches” is in, and the numbers are shocking: According to estimates, 245,919,393 records were breached in the first half of 2015 across 888 distinct incidents — an average of 1.35 million files per day, or 16 every second.
The top 10 breaches — among them the catastrophic OPM hack that compromised personal identity information, including some fingerprints, of 22.1 million Americans — accounted for 82 percent of the exfiltrated files. Perturbingly, half of all breaches did not yield exact figures on the quantity of stolen files, meaning the numbers could potentially be even higher than reported.
“More and more organizations are accepting the fact that, despite their best efforts, security breaches are unavoidable,” the report quoted an unnamed Gemalto analyst as saying.
The largest breach, of U.S.-based insurance provider Anthem Insurance, compromised a staggering 78.8 million files, earning a Gemalto Breach Level Index of 10 — the most severe on a scale that accounts for the source of the breach, total data stolen and the nature of the data.
Unsurprisingly, malicious outsiders were found to be the cause of the majority — 546, or 61.5 percent — of breaches. Accidental loss ranked second, with 197 discrete incidents accounting for 22.2 percent of breaches. Malicious insiders, hacktivists and state-sponsored actors rounded out the figures with 107, 19, and 7, respectively. Despite perpetrating the fewest individual hacks, state-sponsored hackers stole 101.5 million files, about 41.3 percent of the total — a marked increase from the 1.1 percent identified in 2013 and 2014.
As in past years, the health care industry was the largest target of hacking during this period, suffering 187 breaches — 21.2 percent of the total. Financial services followed close behind, accounting for 16.1 percent of breaches. Government saw 140 breaches, yet still lost 77.2 million records, compared to financial services’ loss of only 683,133.
“In today’s environment, the core of any security strategy needs to shift from ‘breach prevention’ to ‘breach acceptance,’” the report stated. It cited figures indicating that of the $32.6 billion that enterprises spent on security in 2015, $20.2 billion went solely to perimeter security. Businesses, Gemalto argues, must adapt to a “secure breach” mindset, where the object is not preventing breaches but rather controlling them.
“It’s not a question IF your network will be breached, the only question is WHEN,” the report concludes. “With the velocity of business accelerating, new technologies are being deployed constantly and new and sophisticated attacks are being launched regularly, is it not inevitable that it is only a matter of time before your business is hacked?”