As the web landscape grows in size through the rapid adoption of cloud computing and mobile environments, the number of vulnerabilities is bound to increase, leading to more inadvertent or malicious data breaches. According to a new report by the Identity Theft Resource Center (ITRC), there were 213 reported data breaches in the first six months of 2012. Despite this high number, the majority of decision-makers have failed to give insight into how the incidents occurred, hindering other companies that may follow in their path.
The report noted that more than 63 percent of breaches were not attributed to a specific circumstance, yet the ITRC tracks multiple categories: insider theft, accidental web exposure, subcontractor responsibility, hacking, data on the move and more recently employee negligence. When an organization reports an incident using these attributed sources, the public can gain more insight into data breach trends and what the consequences are for involved parties.
"It is clear that without a mandatory national reporting requirement that many data breaches will continue to be unreported, or under-reported, and it would appear that the situation is growing worse," the ITRC report said.
Industry breaches in the first half of 2012
By using the information accumulated from responsible reporting organizations, the ITRC was still able to determine what is currently happening in the cyber landscape. The report noted that the healthcare industry, in particular, continues to fall victim to a number of breaches, putting 2012 on pace to hit an eight-year high. Approximately 27 percent of data breaches so far in 2012 are attributed to healthcare, already exceeding the 24 percent of the 2010 calendar year.
Conversely, the banking industry is implementing more robust data security practices and preventing breaches from occurring. According to the ITRC, only 4 percent of incidents reported in the first half of this year have been attributed to the financial industry, putting it on track to reach an eight-year low.
The low number of breaches in the banking vertical may be driven by new trends occurring within the industry. A separate report by IDC Financial Insights noted that banks are becoming increasingly frugal during the ongoing global economic crisis and are deploying cloud computing more often in an attempt to reduce IT expenses and still leverage advanced data protection tools.
"The global economy will continue to flounder in 2012 as the crisis in Western Europe casts a long shadow," IDC Financial Insights vice president Jeanne Capachin said. "As a result, many banks are taking a closer look at their expense budgets as they consider new IT investments."
Data breach attributes of early 2012
The ITRC noted that malicious attacks on corporate networks continue to plagues businesses across industries. The report noted that more than 30 percent of all incidents reported thus far have been attributed to hacking, up from 27 percent reported in the first half of last year. If this pace continues, 2012 will set another record-high year.
Insider incidents, on the other hand, are occurring less frequently, suggesting decision-makers are enforcing data protection policies and educating workers on data loss prevention. The ITRC revealed that insider theft only accounts for 7.5 percent of reported occurrences in the first half of 2012, compared to more than 17 percent in the same time period last year. Meanwhile, employee negligence has only been attributed to slightly more than 6 percent of reported incidents so far this year.
The ITRC identifies and acknowledges the growing need for companies to take data breach reporting more seriously, especially as IT evolves and creates more complexity. By properly detailing specific incidents, decision-makers and security professionals may be able to get a better understanding of the cyber risk landscape and prevent vulnerabilities from causing catastrophic problems.
Data Security News from SimplySecurity.com by Trend Micro