Prior encryption of data in only 4% of occasions of data breach

August 1, 2014

Many organisations believe that good data security begins and ends with the firewall and anti-malware software. A rather brittle defence. The reality is that data breaches come from a range of sources. Hacking through digital defences is but one way. Social engineering, and phishing especially, is a common means of entry. Organisations need to have protections within their systems to deal with those who have breached their outer security infrastructure. One effective means of thwarting a hacker is encrypting personal information. It is both practical and affordable to do. But very few organisations bother, as SC Magazine notes in Breach index: Encryption used in 4 percent of Q2 incidents.

It provides:

Last quarter, organizations that reported data breaches only used encryption around four percent of the time to further safeguard data, a report found.

On Wednesday, data protection solutions firm SafeNet released its Breach Level Index report (PDF) for the second quarter of 2014, which examined 237 disclosed breaches worldwide. The incidents, which left 175 million customer records of “personal and financial information” exposed, included major breaches like those hitting eBay (145 million records) and the Montana Department of Public Health and Human Services (1.3 million people).

The report revealed that, among the breaches, encryption was only used in 10 out of the 237 incidents. Furthermore, only two incidents were classified as “secure breaches,” meaning strong encryption, authentication solutions or key management “rendered the data useless,” the report said.

The Q2 2014 report marks the first time that SafeNet noted the incidence of encryption during breaches.

Of note, the sector hit hardest by breaches last quarter, between April and June, was the retail industry, where 83 percent of records (or over 145 million records) were lost or stolen. Next in line was the government sector, which accounted for 11 percent of impacted records (over 19 million) in Q2.

On Wednesday, Tsion Gonen, chief strategy officer for SafeNet, said in an interview that, since the company began publishing the BLI report (now in its third quarter), the presence of encryption at companies has remained “static.”

Just one incident, for instance, where millions of unencrypted records are exposed, can overshadow smaller breaches where companies may have encrypted a lost or stolen laptop or devices, he explained.

Gonen does believe, however, that more companies will be forced to take up the security measure, as the costs and other consequences of breaches continue to climb.

“We don’t see any significant increase in these [encryption] numbers as far as percentage,” Gonen said of the past year, later adding that he still expected to see a shift in behavior.

“I think we will see more encryption [being used]. We’ll see companies doing more whether they like it or not,” Gonen said.

Accompanying the BLI report was a customer sentiment survey (PDF) which highlighted consumer attitudes about breaches. The study compiled responses from over 4,500 people in the U.S., UK, Germany, Japan and Australia, where 15 percent of individuals said they would “never again” shop or do business with a company experiencing a breach. Twenty-three percent of respondents said their patronage would be “very unlikely” after such an occurrence.
