Published: 21/02/18 by Becky Ashton
New research has revealed the full extent of the data breach problem, with a record total of 5,207 breaches occurring during 2017.
7.89 billion records were compromised over the year but the reality of the situation is not actually quite as bad as it may at first sound.
The numbers, from Risk Based Security who compiled the report, might be up on the previous year but 72% of all data records exposed actually came from just five mega breaches.
Hacking, unsurprisingly, remained the top method used to obtain data (55.8%) but 68.7% of all information exposed came courtesy of “unintentional web-borne exposure due to accidental leaking online and misconfigured services and portals”.
As many as 5.4 billion records were exposed in this way, while hacks accounted for 2.3 billion records being released.
The research revealed that both the number of total breaches and total records exposed each rose by 24% on the previous year.
“These were misconfigured services, faulty backups, that sort of administrative error that leads to those data sets then being open and exposed to the Internet,” explains Inga Goddijn, executive vice president of Risk Based Security,
The research revealed that most of the reported breaches occurred in the business sector (39.4%), followed by medical (8.1%), government (7.2%), and education (5.3%).
But how completely accurate those figures are remains to be seen, with 40% of the breaches coming from organisations that were not identifiable.
“We are still getting information on organisations that had employee or customer data exposed as part of that Sabre breach,” including hotels and travel organizations, Goddijn told www.darkreading.com.
“They [Sabre] never came out and said how big it was, but it has been one of the larger ones”
As businesses suffered the most breaches it’s unsurprising that they also suffered the most exposed records (82.9%) with the government in second place with 3.7% – again 12.4% of the sectors were not identifiable from the public disclosure information.
As a country the US suffered the most reported breaches, with 2,330, followed by the UK (184), Canada (116), India (78), and Australia (62).
But these numbers did not reflect the rankings for the number or lost records. China topped that list with 11.8 million, ahead of South Africa in second place (6.7million) and South Korea (1 million). To put in perspective the US recorded just 1,458, so while they were hit the most often the impact was far less.
The introduction of GDPR, which comes into effect in May, could dramatically affect these figures by this time next year as they include rules for a mandatory breach notification.
Currently, the US could just be a victim of their own stringent rules, which means they are forced to report more breaches than the UK and the rest of Europe.
Are you ready for those changes, which now come in in less than three months? If not let us help with our handy tips.
10th Floor, 3 Hardman Street
1st Floor, 138a Main Street