Page 3 - BLI Annual Report 2014
P. 3

Many information security experts will remember 2014 as the
year of the big breaches—and
with good reason. In addition to several high-proile hack attacks, the year included a number of lesser-known incidents that nevertheless resulted in signiicant theft of records, according to a comprehensive analysis of security breaches, conducted by Gemalto through data collected in its Breach Level Index.
To produce this report, Gemalto, a leading global provider of digital security solutions, has gathered extensive publicly-available information about data breaches throughout the world.
This data is aggregated in the Breach Level Index, a database the company maintains on data breaches globally. The information is analyzed in terms of the number of breaches, the number of data records lost, and data breaches
by industry, type of breach, source and by country or region.
Clearly, the numbers were up in 2014. Data breaches totaled 1,540, up 46% from the 1,056 in 2013.
Even more dramatic was the rise in data records involved in the breaches. That jumped 78%, from about 575 million in 2013 to more than one billion in 2014.
From a time perspective, in 2014 some 2,803,036 data records were stolen or lost every day, 116,793 every hour, 1,947 every minute and 32 every second. So igure in about the time it took to read the previous sentence, about 400 data records would have been stolen or lost based on the 2014 data breach statistics.
And despite the growing interest of encryption technology as a means to protect for information and privacy, only 58 of the data breach incidents in 2014, or less than 4% of the total, involved data that was encrypted in part or in full.
But beyond the numbers was
the social, economic and even political impact of the breaches. Some of the most high proile data breaches ever, including the ones against retailer Home Depot and entertainment company
Sony Pictures Entertainment, occurred in 2014. And the year
INTRODUCTION
2014
YEAR IN REVIEW
began with the Target breach of the previous year, another high- proile attack, still very much on the public’s mind.
Many of the breaches in 2014 involved the theft or compromise of identiiable information, such as names, addresses and social security numbers. In comparison, many of the thefts of 2013 involved inancial information such as credit card numbers.
Following are some of the most notable examples of data breaches in 2014, including the number of records stolen, type of breach and risk assessment score. The score is calculated based on factors such as total number of records breached, the type of data in the records, the source of the breach and how the information was used.
A score of 1 to 2.9 is minimal risk, 3 to 4.9 is moderate, 5 to 6.9 is critical, 7 to 8.9 is severe and 9 to 10 is catastrophic. The point of the scoring system in the Breach Level Index is to demonstrate that not all breaches have the same impact on organizations and amount of risk.
3


































































































   1   2   3   4   5