Ever wondered which South African organisation has been targeted more by cyber attackers than any other since 2013? Digital security company Gemalto has the answer: the cops.
Gemalto has launched a new tool called the Breach Level Index for tracking and reporting online security breaches. It also allows you to pore over a database of past breaches, and we discovered that South Africa had nine significant breaches between the start of 2013 and today. The most-targeted organisation was the South African Police Service, which came in at the number one spot with the loss of 15 000 personal records.
The source of the breach were “malicious outsider[s]”, and they were after data that could be used to steal identities, according to the report. While 15 000 stolen records sounds like a lot, in the context of far bigger hacks which have yielded millions of records, it’s actually quite small.
Listed second behind the cops was WooThemes, a WordPress plugin that suffered the loss of 300 records. The type of data the hackers were after is listed as “financial information”
Interestingly, the Marikana Commission lawyer’s office was at number four, a hack that happened in April of this year that was also attributed to a “malicious outsider”.
Encryption: it works
Gemalto has also put together a fascinating infographic on the site, which illustrates all of 2014’s recorded breaches from across the globe.
Just over a billion records were “lost or stolen” over the year, apparently, but most importantly, the infographic stresses that only four per cent of all hacks were of “secure breaches”, meaning the theft of encrypted data that ultimately proved useless to the thieves.
That’s actually the point the site stresses over and over: that better data security policies are highly recommended, and that encryption should be deployed across all organisations’ datacentres in order to render any stolen data useless to hackers.
Gemalto also emphasises that companies should no longer favour an “if” mentality when it comes to being hacked, but a “when”, and instead adopt policies focused on how to “Secure the Breach“.