55% of data breaches were caused by malicious hackers; accidents or human error cited in 25% Credit: Thinkstock In IT security, worst case scenarios became commonplace in 2014, and there’s no end in sight. Headline-making data breaches will likely continue into this year, as businesses, governments and regulators play catch-up to this threat.The nature of the attacks is changing as well, according to Gemalto, a digital security firm. Records that help criminals with identity theft, which is harder to catch and stop, are the leading goal of attackers. The recently disclosed breach of 80 million records at Anthem, the health insurer, was an identity theft attack.Gemalto, in its annual Breach Level Index report (see PDF) released Thursday, said there were, globally, 1,514 breach incidents that became public, with the number of records compromised exceeding 1 billion.In terms of number of records breached, 2014 represented a 78% increase over the prior year. Gemalto collects its data from public sources, and despite the vagaries of this type of data collection, it believes the report reflects what is happening on a year-to-year basis. “Breach notification laws didn’t change dramatically,” said Tsion Gonen, chief strategy officer for identity and data protection at Gemalto.Mega breaches are the defining trend, exposing tens of millions of records of brand-name companies last year, including Home Depot, with 109 million records breached, eBay, at 145 million, and JP Morgan Chase at 83 million. Identity theft accounted for 54% of the attacks, which is up 20% from 2013.The rise of identity theft, said Gonen, is a result of the success of financial services firms in quickly stopping financial access crimes, such as credit card fraud. That’s not the case for identity theft, which will require regulatory approaches to curb, he said.Gemalto came up with a 1-to-10 ranking system, determined by an algorithm, for breaches. The system is weighted toward the “outbound,” impact, or impact on customers, especially if the data is unencrypted. That ranking system gave,Home Depot, JP Morgan Chase, and eBay scores of 10, while Sony, which generated worldwide press with its released emails and stolen digital content, received a 6.5 ranking, since much of the damage was to Sony itself.Malicious outsiders accounted for 55% of the breach incidents, while the next largest source is human error, at 25%. The human error problems include improperly secured Web sites that allow access to customer data and lost laptops. A company’s decision not to encrypt customer data is not counted as human error.Gonen said 2014 will be remembered as a tipping point in IT security. He said security awareness is the highest it has ever been, and points to recent moves by President Obama to seek security legislation and new levels of cooperation with the private sector.“Everyone is aware,” said Gonen of the risks, “everybody gets it.” Related content news Multibillion-dollar cybersecurity training market fails to fix the supply-demand imbalance Despite money pouring into programs around the world, training organizations have not managed to ensure employment for professionals, while entry-level professionals are finding it hard to land a job By Samira Sarraf Oct 02, 2023 6 mins CSO and CISO CSO and CISO CSO and CISO news Royal family’s website suffers Russia-linked cyberattack Pro-Russian hacker group KillNet took responsibility for the attack days after King Charles condemned the invasion of Ukraine. By Michael Hill Oct 02, 2023 2 mins DDoS Cyberattacks feature 10 things you should know about navigating the dark web A lot can be found in the shadows of the internet from sensitive stolen data to attack tools for sale, the dark web is a trove of risks for enterprises. Here are a few things to know and navigate safely. By Rosalyn Page Oct 02, 2023 13 mins Cybercrime Security news ShadowSyndicate Cybercrime gang has used 7 ransomware families over the past year Researchers from Group-IB believe it's likely the group is an independent affiliate working for multiple ransomware-as-a-service operations By Lucian Constantin Oct 02, 2023 4 mins Hacker Groups Ransomware Cybercrime Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe