Millions of individuals are being robbed of personal information around the world as the hacking of company data has rocketed since 2010, according to a report by KPMG. The Data Loss Barometer, which tracks global trends for lost and stolen information, has found that external data leaks affected more than 160 million people in 2012 through 835 separate incidents. This was a jump of more than 40% on the year before. And hacking accounted for 67% of the data loss by number of incidents.
But while in previous years hackers were just as likely to focus on stealing medical records or government information, the hacking of information held by businesses has jumped globally from only 8% of total incidents in 2010 to a shocking 52% in 2012.
Malcolm Marshall, Global Partner in charge of Information Protection for KPMG, said: “What we are witnessing is a shift from the accidental loss of data to deliberate theft – either to steal or re-sell that data or sometimes simply for sport or to make a great headline.
“Several of the world’s largest companies have been targeted over recent months by hackers who have grown in sophistication. It is now not just a lone hacker sitting in their bedroom but, in many cases, serious organisations backed by nation states who are leading this new phenomenon.”
Indeed, of all sectors, both private and public, media companies witnessed the highest incidence of hacking, with 98% of all data loss in 2012 accounted for in this way. The category of “organisations”, referring to bodies such as clubs, unions and community centres, was not far behind at 94%, while retail was the third highest identified sector with 76%.
The severity of the issue was highlighted by the research in that “personally identifiable information”, such as names and credit card information, which can be used to identify a single person, remains by far the biggest reason for breaches of security, at 46% in 2012. This compares with the next largest identified category, password information, which accounted for only 16% of incidents, although this had increased from just 5% in 2011.
But this is only the tip of the iceberg. Marshall points out that these statistics typically only include incidents where there is an obligation to report or where the breach has entered the public domain.
“Incidents which involve the loss or theft of commercial data that does not relate to individuals go largely unreported. Hacking is now widespread and the attackers range from the intellectually curious through to sophisticated nation states; the targets range from safety-critical processing systems through to price sensitive deal data.”
While companies have borne the brunt of interest from hackers, the public sector, including governments and education facilities around the world, is still struggling with its own security breaches – both internal and external – recording 16% of the total number of incidents respectively.
But interestingly, the healthcare sector, which has previously struggled with data security, noted a sharp drop in the number of breaches from a high of 25% of all incidents in 2010, to just 8% in 2012.
Marshall commented: “When it comes to confidentiality, public sector organisations are no different to business in the private sector. They both have a duty of care to ensure that personal data remains secure. At least the health sector has recognised this and taken steps to minimise the chances of a security breach – but in an environment where cuts are the currency of the moment, there is a very real risk that other parts of the public sector will not follow. It’s a situation that cannot be allowed to continue because, left unchecked, it will quickly get out of control.”
More positive news was also seen from within both companies and public sector organisations, whose efforts to tackle security from the inside look to be bearing fruit, as internal security breaches more than halved from 435 in 2011 to 198 in 2012. However, the cost of human carelessness and systems errors still accounted for 4% of data loss, and physical theft of PCs, hardware and mobile devices accounted for 11% of all data loss this year.
Some ways that organisations can reduce the amount of data loss include:
- Reviewing the amount of data leaked online and through public-facing documents and metadata. These are easy targets for hackers.
- Ensuring internet-facing systems are kept fully patched and updated
- Educating everyone within the organisation about the value and sensitivity of the information they possess and how they can protect it physically and online
- Backing up employee training with procedures and a corporate culture that takes security of information seriously.