A new 2015 cybersecurity report has been published by software security firm Trend Micro, which shows the loss of devices is responsible for causing more data breaches than hackers, malware, and malicious insiders.
The company analyzed a decade’s worth of data breach reports from Privacy Rights Clearinghouse (PRC), a Californian not-for-profit corporation whose purpose is to advocate for consumers’’ privacy rights.
The data for the study came from PRC’s “Chronology of Data Breaches/Security Breaches 2005–Present:” which details publicly disclosed data breach reports gathered from Attorneys General press releases, authority websites, company breach reports and media sources.
The report, entitled “Follow the Data, Dissecting Data Breaches and Debunking the Myths’, offers some surprising insights into the causes of data breaches, the exact type of data sought by cybercriminals and identity thieves, and how data is used by criminals.
Trend Micro’s 2015 Cybersecurity Report Names Device Loss as Main Breach Cause
Hackers and malware infections certainly make the headlines, but the report revealed loss of employees’ laptops, mobile devices, and thumb drives that have caused the most data breaches over the past decade. According to Trend Micro’s data analysis, device loss, across all industries, was the cause of 41% of reported data breaches, with the loss of portable devices accounting for 24% of the total number of data breaches reported. The combined total for malware and hacking was 25%, unintentional disclosure, 17.4% and insider leaks, 12%.
Identity Theft Rampant in the Healthcare Industry
The retail industry suffered the highest number of incidents of payment card fraud; however healthcare suffered most from identity theft, with the industry accounting for 29.8% of reported cases. The retail industry was in second place with 15.9%.
While many believe hackers are stealing data with the intention of committing identity theft, the most common method of obtaining the data necessary to steal identities was insider leaks. 44.2% of cases of identity theft sourced data by this means, with hackers or malware accounting for 15.5%. In 28.7% of cases, the data sought by identity thieves was PII.
Due to the volume of data breaches, and the number of records now obtained by criminals, the price of a full set of PII has fallen in recent months. According to the report, PII could be bought on the darknet for $4 a line 12 months ago. Now the price stands at around $1 a line. This has been attributed, in part, to there being a surplus of data for sale.
The full Trend Micro 2015 Cybersecurity Report can be downloaded here.