New website ranks worst global data breaches using Richter-like scale

Target and Adobe hit the 10.0

Data breaches are a bad thing, but are some worse than others in a way that can be measured objectively?

Encryption firm SafeNet believes its new Breach Level Index (BLI), developed jointly with security analyst Richard Stiennon's IT-Harvest, offers an answer. Its tally for 2013, 575,486,661 records breached, sets a disturbing new high-water mark for what we already knew was happening, even though it counts only incidents that were publicly disclosed.

But instead of simply ranking publicly disclosed breaches by the number of records compromised, the BLI sets out to order them as one might earthquakes or hurricanes, using a logarithmic scale.

On that scale, the recent Target and Adobe breaches (a combined total of 262 million records) score a maximum 10.0, the Evernote breach from earlier in the year (50 million) scores 8.8, while the relatively tiny MacRumors forum break-in (860,000 records) is a 7.8.

This means that "a score of 7 is 100 times more severe than a score of 5," to borrow SafeNet's own description of how its methodology works. One danger of this approach is that people understand data-breach logarithms no better than they understand the Richter scale for earthquakes: a 7 sounds worse than a 5, but not 100 times worse.

Another issue is that a quick check of the BLI database shows that severity (i.e. the rating) lines up closely with breach size, which is a long-winded way of saying that the most massive data breaches are overwhelmingly the most severe.

For breaches, big is always bad; sometimes it is simply very bad.
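To make the arithmetic of the scale concrete, and to check the two points above (that each point on the scale is a factor of ten, and that severity tracks breach size), here is an added example. It is not SafeNet's BLI code: the BLI's actual formula is not published on this page, so the script implements the simplest possible base-10 scale (score = log10 of the record count plus a calibration offset, capped at 10.0) and compares it against the three scores the article quotes. The record counts and reported scores are the article's; the offset, the cap and all function names are assumptions for illustration.

```python
"""Added example: a toy base-10 severity scale, NOT SafeNet's BLI formula.

Assumption: severity = log10(records) + offset, capped at 10.0. The offset is
fitted to the article's own data points so the pure size-only scale can be
compared with the scores the article reports.
"""
import math

MAX_SCORE = 10.0  # the article says Target and Adobe "score a maximum 10.0"

# Record counts and BLI scores as quoted in the article (constructed table, not
# pulled from the BLI site).
REPORTED = {
    "Target+Adobe": (262_000_000, 10.0),
    "Evernote":     (50_000_000,   8.8),
    "MacRumors":    (860_000,      7.8),
}


def severity_ratio(score_a: float, score_b: float) -> float:
    """On a base-10 scale, how many times 'more severe' score_a is than score_b.

    This is the arithmetic behind "a score of 7 is 100 times more severe than a 5".
    """
    return 10 ** (score_a - score_b)


def size_score(records: int, offset: float = 0.0, cap: float = MAX_SCORE) -> float:
    """Toy severity = log10(records) + offset, capped and rounded to one decimal.

    `offset` is an assumed calibration constant, not a BLI parameter.
    """
    if records < 1:
        raise ValueError("record count must be at least 1")
    return min(cap, round(math.log10(records) + offset, 1))


def fit_offset(reported: dict) -> float:
    """Least-squares constant that best maps log10(records) onto the reported scores.

    Capped entries (10.0) are excluded because the cap hides their uncapped score.
    """
    pts = [(math.log10(r), s) for r, s in reported.values() if s < MAX_SCORE]
    return sum(s - lg for lg, s in pts) / len(pts)


def residuals(reported: dict, offset: float) -> dict:
    """Reported score minus the uncapped size-only prediction, per breach.

    Non-zero residuals mean record count alone cannot reproduce the scores.
    """
    return {
        name: round(s - (math.log10(r) + offset), 2)
        for name, (r, s) in reported.items()
        if s < MAX_SCORE
    }


def ranking(scores: dict) -> list:
    """Names ordered from most to least severe."""
    return sorted(scores, key=scores.get, reverse=True)


if __name__ == "__main__":
    print(f"7 vs 5: {severity_ratio(7, 5):.0f}x more severe")
    off = fit_offset(REPORTED)
    print(f"best-fit offset for a pure size scale: {off:.2f}")
    for name, (records, score) in REPORTED.items():
        print(f"{name:13s} {records:>12,d} records  reported {score:4.1f}"
              f"  size-only {size_score(records, off):4.1f}")
    print("residuals:", residuals(REPORTED, off))
    by_size = ranking({n: r for n, (r, _) in REPORTED.items()})
    by_score = ranking({n: s for n, (_, s) in REPORTED.items()})
    print("same order by size and by score:", by_size == by_score)
    print(f"half a million records on the fitted scale: {size_score(500_000, off):.1f}")
```

Two things fall out of running it. The ordering by record count and by reported score is identical, which is the article's "severity lines up with breach size" observation. But no single offset makes a pure log10-of-records scale reproduce the quoted scores: Evernote holds 58 times as many records as MacRumors, which on a strict base-10 scale is 1.8 points, yet the reported gap is 1.0, so the published index must weight something other than size as well (the article does not say what). The fitted scale also puts half a million records at about 7.2, consistent with the closing remark that such a loss lands "somewhere between a 7 and an 8".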

SafeNet still thinks it has hit on something. "Not all breaches are created or should be treated alike. The Breach Level Index helps us track and differentiate between an insecure breach, in which customer data is compromised and lost, and a secure breach, where data is stolen but cannot be deciphered by cybercriminals because it is encrypted, rendering it useless to them," said SafeNet's vice president of cloud solutions, Jason Hart.

Interestingly, the BLI's sector breakdown accords roughly with 2013 numbers from the US non-profit Identity Theft Resource Center (ITRC): sectors such as healthcare report a large share of individual breach incidents (31 percent) that account for only a small share of records (2 percent).

In contrast, the tech sector suffers relatively few breaches (11 percent), but these tend to be much larger (43 percent of the records), an average of 5.7 million records per breach. This matters because it says something about the state of the databases held in these sectors: healthcare holds databases that are fragmented and smaller, while technology firms have consolidated theirs into super-databases. It follows that fragmented databases are harder to protect but offer hackers fewer records when compromised.

Despite its proprietary methodology, the BLI still does the useful job of cataloguing publicly disclosed data breaches, not just from the US (which has good breach disclosure laws) but from across the world. It is also a useful single source for information that otherwise tends to be fragmented across different websites.

For the UK, the team behind the BLI has extracted a figure of 1,699,821 UK data records compromised in 2013, although it is not yet possible to see the data broken down by country on the website itself (that feature is promised for the future).

There remains a vast amount of work to be done. SafeNet admits that the apparently shocking 575 million figure is a marked under-estimate because 44 percent of the breaches it researched didn't say how many records were involved. Many others never come to light at all.

The firm's ambition is that organisations will use the Index with their own breach data, getting a severity score as a risk assessment at the end. This is more marketing than substance, because nobody needs a website to know that losing half a million customer records to a hacker is likely to result in a score somewhere between a 7 and an 8, i.e. bad.

Stories by John E Dunn