Data breaches based on identity theft accounted for 54 percent of all data breaches for the year 2014, making the category the main focus for cybercriminals away from the usual thefts of financial data that have dominated previous years.
This new shift has emerged in the latest Breach Level Index (BLI) report by global digital security company Gemalto, which also found that identity theft –related breaches accounted for one-third of the most severe data breaches for the year under study.
Originally carried out by SafeNet before it was acquired by Gemalto, BLI provides a database for data breaches around the world as they happen and provides a methodology for security professionals to see how severe certain breaches were and also see their rank in publicly disclosed breaches.
According to the report, cybercriminals are now more concerned with stealing a person’s identity for malicious use at a later time by generating fake documents that would implicate another person in major attacks or fraudulent cases.
“We’re clearly seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number. Identity theft could lead to the opening of new fraudulent credit accounts, creating false identities for criminal enterprises or a host of other serious crimes,” reads a statement from Gemalto.
Away from the specifics of identity theft as the main focus by criminals, the total number of data records that was compromised in 2014 breaches went up about 49 percent from the previous year, to reach one billion globally. The number also represents a 78 percent increase for either lost or stolen data.
With the report showing that data breaches are becoming more personal, Gemalto urges people around the world to make notice of the expanding risk exposure for the average person and become more careful with the information they share on various platforms.
The retail industry was the most hit among other industries, recording an 11% increase in data breaches from the year 2013 and 55% for all data records compromised, an increase from the 29% recorded in the previous year.
According to the report, the increase in compromised data for the retail sector is as a result of a recorded increase in the number of attacks that targeted point-of-sale systems for the year under review.
Another industry that received a noticeable trend was the financial services sector, which even as it recorded flat rates in the number of breaches from last year, the average number of records compromised per breach significantly went up ten-fold to reach 1.1 Million from previous 112,000.
With the significant increase, Gemalto voices that ‘being breached is not a question of if but when’ meaning that individuals and organizations alike need to understand that breach prevention does not completely keep cybercriminals out.
“Companies need to adopt a data-centric view of digital threats starting with better identity and access control techniques such as multi-factor authentication and the use of encryption and key management to secure sensitive data. That way if data is stolen, it is useless to the thieves,” says Gemalto.
