There is disturbing news from Gemalto, which compiles a “Breach Level Index” to track global public data breaches. They identified 945 breaches in the first half of 2018 alone, which have affected 4.5 billion records. That’s up 133% over the same period in 2017.
If you’re keeping count, that’s 15 billion records that have been compromised since the Index began in 2013—or a staggering 291 records every second. Gemalto is careful to point out that some of the increase may be due to better reporting, as governments have started to demand that companies inform consumers and regulators promptly about these problems. That being said, incident severity is escalating, with more records affected per breach.
This means security measures are vital. An important step for every company is to increase the use of encryption. Technology advancements have made encryption far less of a burden. Organizations need to seriously look at encrypting data at rest and in transit. Basically, whenever and wherever it’s possible to encrypt without slowing workflows to a halt, it’s best to follow Nike and Just Do It.
Remember, under the EU’s newly enacted GDPR (General Data Protection Regulation), penalties will apply for companies that mishandle data. Already Heathrow Airport got dinged £120,000 for losing a USB drive containing sensitive information, and Facebook may be looking at $1.6 billion in fines after hackers managed to run around 50 million user accounts.
Increased regulatory scrutiny may force improvement in lax procedures, but in the digital era, breaches are becoming a fact of life. There are emerging models for combining perimeter security, hardware security, AI-driven detection, and highly granular containment strategies to minimize unauthorized data access. But the reality is any enterprise stockpiling useful information—whether that’s health records, credit card numbers, or social media profiles—can expect to have an issue eventually.
Encryption is such a basic component of the data protection landscape, it’s disappointing that Gemalto reports only one percent of stolen, lost, or compromised records were encrypted. Come on team, we can do better!