Featured Article from Software Monetization
Gemalto Releases 2014 Breach Level Index Findings-Good Year for Cybercriminals
Unfortunately, as if we needed confirmation that cybercriminals had a very prosperous year in 2014, digital security solutions provider Amsterdam-based Gemalto (News - Alert) is out with the results of its 2014 Breach Level Index and it paints a disturbing picture.
At a headline level is the big finding was that more than 1,500 data breaches led to one billion data records compromised worldwide during 2014. These numbers represent a 49 percent increase in data breaches and a 78 percent increase in data records that were either stolen or lost compared to 2013. At a more granular level the fact that identity theft continues to top the list of bad guy targets while not a surprise is troubling because so many entities continue to be less than careful even at the basic best practices level.
This really is a case of, “Read them and weep.”
Source: Gemalto 2014 Breach Level Index
The Index has been a much-watched mainstay from security solutions provider SafeNet (News - Alert) (recently acquired by Gemalto) for several years. It is a global database of data breaches as they happen and provides a methodology for security professionals to score the severity of breaches and see where they rank among publicly disclosed breaches. In addition to the raw numbers, the BLI also calculates the severity of data breaches across multiple dimensions based on breach disclosure information.
While there is a trove of information about the top breaches by region, industry and the top companies that were targeted, the increased concentration of both the frequency and severity of identity theft stands out in the Index results:
- The main motivation for cybercriminals in 2014 was identity theft with 54 percent of the all data breaches being identity theft-based, more than any breach category including access to financial data.
- In addition, identity theft breaches also accounted for one-third of the most severe data breaches categorized by the BLI as either Catastrophic (with a BLI score of between 9.0 and 10) or Severe (7.0 to 8.9).
- Even secure breaches, which involved breaches of perimeter security where compromised data was encrypted in full or in part, increased to 4 percent from 1 percent.
The part of the Index which is always food for thought is the part about the source of attacks.
Realities are that while barbarians outside the gates are an obvious challenge, the accidental (25 percent) and malicious insider (15 percent) are alarming because so much of this is preventable.
“We’re clearly seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number,” said Tsion Gonen, Vice-President of Strategy for Identity and Data Protection at Gemalto. “Identity theft could lead to the opening of new fraudulent credit accounts, creating false identities for criminal enterprises, or a host of other serious crimes. As data breaches become more personal, we’re starting to see that the universe of risk exposure for the average person is expanding.”
As noted, the desirability and concentration on identity theft can be seen in the facts that such breaches became more severe in 2014 with two-thirds of the 50 most severe breaches. Plus, the number of data breaches involving more than 100 million compromised data records doubled compared to 2013.
Examining the breakouts of the industries being targeted is a good reason to download the findings. As Gemalto highlights, retail and financial services experienced the most noticeable trends compared to other industry sectors in 2014.
- Retail experienced a slight increase in data breaches compared to last year, accounting for 11 percent of all data breaches in 2014.
- I terms of data records compromised, the retail industry saw its share increase to 55 percent compared to 29 percent in 2013 due to an increased number of attacks that targeted point-of-sale systems.
- For the Financial Services sector, the number of data breaches remained relatively flat year over year, but the average number of records lost per breach increased ten-fold to 1.1 million from 112,000.
Gonen added that: "Being breached is not a question of 'if' but 'when.' Breach prevention and threat monitoring can only go so far and do not always keep the cyber criminals out. Companies need to adopt a data-centric view of digital threats starting with better identity and access control techniques such as multi-factor authentication and the use of encryption and key management to secure sensitive data. That way, if the data is stolen it is useless to the thieves."
The last observation by Gonen goes to the heart of the matter and speaks ways in which 2015 does not have to be another banner year for bad guys. As everyone in the security industry says, there is no failsafe solution the can assure 100 percent security of digital assets, however solutions and best practices are readily available to mitigate risks and their adoption could have a major impact when the 2015 breach index is published.
Edited by Maurice Nagle
Software Monetization eBooks
Featured Case Studies
- Apollo Communications Protects its Intellectual Property and Enforces Software Licensing with Gemalto Sentinel
- Cadac Group Cuts Operational Expenses & Gains Licensing Flexibility with Gemalto Sentinel
- Sentinel LDK Assures Revenue, Expands Licensing Flexibility, and Reduces System Management Costs for CAD Software Company
- Softing Industrial Automation Works with Gemalto Sentinel to Monetize the IoT
- Miko Maximizes Software Revenue & Reduces Operational Expenses with Gemalto Sentinel
- Xsens Technologies Streamlines Operations & Expands Revenue with Sentinel
- Structural Test and Monitoring Software Protected by Sentinel Integrated with NI LabVIEW
- Seize the IoT Opportunity
- Format International Replaces Inflexible Software Protection and Licensing Dongles with Sentinel LDK with EMS
- Envitrans Reduces Software Piracy & Expands Revenue with Sentinel LDK and Sentinel EMS Business Challenges
- Snell Protects Valuable IP and Streamlines Licensing Operations with Sentinel RMS & EMS
- Following Several Acquisitions, Sage Implements Sentinel RMS to Harmonize a Multitude of Disparate Licensing Systems- existing on site now
- With SafeNet Sentinel, AEOL Protects their Market-leading Training Software while Driving Back-office Efficiencies- existing on site now
Featured White Papers
- Frost & Sullivan - Penny Wise, Pound Foolish: The Fallacies of Choosing to Build vs Buy a Software Monetization System
- NEW! Frost & Sullivan - Competitive Analysis of the Software Licensing and Monetization Market
- NEW! IDC Cloud-Based Software Adoption Delivering Value to Customers
- Frost & Sullivan - Get Connected to Profit: Embracing Software Propels Growth in IoT Era
- More Variety with Less Cost: Using Software Features to Achieve Product Differentiation
- Monetizing the IoT: Show Me the Money: A Grey Heron white paper sponsored by Gemalto
- Cloud-Based Software Licensing - A THINKstrategies white paper: Enabling Operational Efficiency, Delighted Customers and Sustainable Competitiveness
- Consolidating Software Licensing Technologies Post M & A: A survival guide for software publishers & intelligent device manufacturers
- 5 Tips for Software Monetization in the IoT
- IDC Supporting Software Business Transformation with Systems Designed for the Task
- How to Achieve a Cloud-Connected Experience Using On-Premise Applications
- IDC Meeting Customer and Business Needs in a Changing Market
- NEW! Cloud-Based Software Licensing: Enabling Operational Efficiency, Delighted Customers and Sustainable Competitive Advantage
- NEW! Pricing Model Flexibility as a Competitive Advantage
- NEW! Monetizing IoT - Show me the Money
- NEW! Monetization Strategies and Technologies to Future-proof Your Business