An Apple-commissioned report this week has highlighted once again why analysts have long recommended the use of end-to-end encryption to protect sensitive data against theft and misuse.
The report is based on an independent study of publicly reported breach data that a professor at the Massachusetts Institute of Technology conducted for the tech giant.
It showed that ransomware campaigns and attacks on trusted technology vendors contributed to a sharp increase in data breaches and the number of records compromised in these breaches over the past two years.
Billions of Compromised Records
In 2021 and 2022, data breaches exposed a staggering 2.6 billion personal records - some 1.5 billion of them last year alone.
The total number of data breaches in the first nine months of 2023 alone is already 20% higher than the total for all of 2022.
Data from IBM's 2023 Cost of a Data Breach and a separate Forrester research study, quoted in the Apple report, showed that 95% of organizations that experienced a recent breach had experienced at least one other previous breach.
Seventy-five percent had experienced at least one data compromise incident in the previous 12 months.
Ransomware and vendor attacks contributed in a major way to the sharp increase in data breaches and resulting compromise of sensitive records.
Some 50% more organizations reported experiencing a ransomware attack in the first half of 2023 compared to 2022, and the number appears to be trending even higher in the back half of the year.
The study also found that 98% of organizations currently have a relationship with a technology vendor that has experienced at least one recent data breach.
Examples in the report of breaches involving vendors and vendor technologies that had an impact on a broad number of organizations and individuals include ones at Fortra, 3CX, Progress Software, and Microsoft.
Breaches Heighten Need for Encryption
The need for organizations to encrypt data - while it is in use, in transit, and at rest - is a long-recognized issue.
Few dispute the effectiveness of data encryption in protecting stolen data against misuse and in rendering stolen data useless to those who steal it.
Several regulations and industry mandates - such as PCI DSS, HIPAA, GLBA, and the EU's GDPR - require or recommend encryption, especially for stored data and for data in transit.
Encryption makes data unreadable to unauthorized parties, greatly reducing the risk of data exposure even in the event of a data breach, he says.
Many organizations - as Apple's study and others suggest - have continued to drag their feet on data encryption for a medley of reasons.
The rapid and growing adoption of cloud computing is another factor that organizations need to account for when making encryption plans.
Data that Apple's study reviewed showed that 80% of breaches involved data stored in the cloud.
Encrypting such data can be more challenging than encrypting data on premises.
Finally, he recommends that organizations take advantage of the shared responsibility model that many cloud providers and leading SaaS vendors offer, which allows organizations to give users many advanced encryption features at the click of a button.
This Cyber News was published on www.darkreading.com. Publication date: Fri, 08 Dec 2023 22:35:21 +0000