Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches

Published: 23/11/2024   Category: security




Data breaches are rapidly accelerating, according to a number-crunching report from Apple this week — heightening the need to finally implement end-to-end data encryption.



An Apple-commissioned report this week has highlighted once again why analysts have long recommended the use of end-to-end encryption to protect sensitive data against theft and misuse.
The report is based on an independent study of publicly reported breach data that a professor at the Massachusetts Institute of Technology conducted for the tech giant. It showed that ransomware campaigns and attacks on trusted technology vendors contributed to a sharp increase in data breaches and the number of records compromised in these breaches over the past two years.
In 2021 and 2022, data breaches exposed a staggering 2.6 billion personal records — some 1.5 billion of them last year alone. That number will likely be even higher in 2023 if trends so far this year are any indication.
The total number of data breaches in the first nine months of 2023 alone is already 20% higher than the total for all of 2022. Corporate and institutional breaches exposed sensitive records belonging to some 360 million people through the end of August 2023.
Data from IBM's 2023 Cost of a Data Breach and a separate Forrester research study, quoted in the Apple report, showed that 95% of organizations that experienced a recent breach had experienced at least one other previous breach. Seventy-five percent had experienced at least one data compromise incident in the previous 12 months.
Ransomware and vendor attacks contributed in a major way to the sharp increase in data breaches and resulting compromise of sensitive records. The number of ransomware attacks in the first nine months of 2023, for instance, was 70% higher than the same period in 2022. Some 50% more organizations reported experiencing a ransomware attack in the first half of 2023 compared to 2022, and the number appears to be trending even higher in the back half of the year.
The study also found that 98% of organizations currently have a relationship with a technology vendor that has experienced at least one recent data breach. Examples in the report of breaches involving vendors and vendor technologies that had an impact on a broad number of organizations and individuals include ones at Fortra, 3CX, Progress Software, and Microsoft.
This rising threat to consumer data is a consequence of the growing amount of unencrypted personal data that corporations and other organizations collect and store, particularly in the cloud, Apple said in its report. Organizations can reduce the likelihood of hackers using or selling their consumer data by encrypting data stored in their networks, making it only readable by those who have the key to decrypt it.
The need for organizations to encrypt data — while it is in use, in transit, and at rest — is a long-recognized issue. Few dispute the effectiveness of data encryption in protecting stolen data against misuse and in rendering stolen data useless to those who steal it. Several regulations and industry mandates — such as PCI DSS, HIPAA, GLBA, and the EU's GDPR — require or recommend encryption, especially for stored data and for data in transit.
Encryption stands as a formidable defense against unauthorized access to sensitive information, says Demi Ben-Ari, CTO and co-founder of Panorays. Encryption makes data unreadable to unauthorized parties, greatly reducing the risk of data exposure even in the event of a data breach, he says. The strength of encryption in making stolen data useless highlights its crucial role as a basic protective measure.
Even so, many organizations — as Apple's study and that from others suggest — have continued to drag their feet on data encryption for a medley of reasons. These include the perceived complexity of encryption systems, the potential cost involved, concerns over performance impacts, and a lack of in-house expertise to manage encrypted systems effectively, says Craig Jones, vice president of security operations at Ontinue.
Implementing end-to-end encryption can range from moderately difficult to very challenging, depending on the organization's size, existing infrastructure, and the types of data being encrypted, Jones says. It requires careful planning, investment in the right tools and technologies, and often a cultural shift in how data security is perceived and managed. Often organizations can run into problems related to key management, which is a major issue because losing keys can mean losing access to data permanently. Organizations also need to consider potential performance impacts related to encryption and ensure compatibility with existing systems and formats, Jones says.
The rapid and growing adoption of cloud computing is another factor that organizations need to factor in when considering encryption plans. Data that Apple's study reviewed showed that 80% of breaches involved data stored in the cloud. Encrypting such data can be more challenging than encrypting data on premises.
Organizations that have good security practices usually have full visibility over their legacy networks, says Ken Dunham, director of cyber threats at Qualys. But when they migrate to the cloud, they often lose the ability to have similar controls, visibility, management, and operations to address the pros and cons of encryption in action. The need for organizations to maintain a hybrid network of legacy and modern technologies while they complete digital transformation initiatives adds another layer of complexity, he adds.
One mistake organizations can make is relying solely on cloud providers for data encryption, Ben-Ari says: While cloud providers offer valuable security measures, organizations must assume direct responsibility for encrypting their data.
He recommends that organizations prioritize technologies that are user-friendly to facilitate smooth integration; phased implementations can further minimize disruption to daily operations.
And finally, he recommends that organizations take advantage of the shared responsibility model that many cloud providers and leading SaaS vendors offer, which allows organizations to give users many advanced encryption features at the click of a button.
