Some 3.24 million records were stolen, lost or exposed in India in 2017, according to Breach Level Index study by digital security firm Gemalto. This number has increased by a whopping 783% over the previous year. The study tracks and analyses data breaches, the type of data compromised and how it was accessed, lost or stolen in the last five years.
There were 29 major data breach incidents in the country in 2017. The common type of data breach is identity theft, accounting for 58% of all data breach incidents. The second most prevalent breach was access to government data.
But the main cybersecurity threat is from malicious outsiders who were responsible for 52% of all breach incidents. The primary targets for them were companies in the retail, government and financial services sectors.
Globally the year 2017 was also the first year publicly disclosed breaches crossed the two billion compromised data record threshold since the Breach Level Index began tracking data breaches in 2013. Over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised globally every day.
The industries that experienced the largest number of data breach incidents were government (28%), retail (21%), education (17%) and healthcare (7%).
In terms of the number of records lost, stolen or compromised, the most targeted sectors were government (62%) and technology (37%).
The main reason for data breaches is human error that led to improper disposal of records, misconfigured databases and other unintended security issues which caused 3.7 million records to be exposed globally.
What is new in 2017 is the 'nuisance type attacks' which were not seen in 2016 - when the compromised data includes basic information such as name, address and/or phone number. The larger ramification of this type of breach is often unknown, as hackers use this data to orchestrate other attacks. Such attacks have compromised 200 million records globally this year which constituted 98% of all compromised data.
"The manipulation of data or data integrity attacks pose an arguably more unknown threat for organizations to combat than simple data theft, as it can allow hackers to alter anything from sales numbers to intellectual property. By nature, data integrity breaches are often difficult to identify and in many cases, where this type of attack has occurred, we have yet to see the real impact," said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.
He adds that companies can mitigate the risks surrounding a breach through a 'security by design' approach, building in security protocols and architecture at the beginning.