More than 2.6 billion personal records have been compromised by data breaches in the past two years, highlighting the need to enhance security on user devices, a new study from Apple shows.
Nearly 1.1 billion and 1.5 billion breaches occurred in 2021 and 2022, respectively, contributing to the tripling of these incidents between 2013 and 2022, the iPhone maker said in a report produced in collaboration with the Massachusetts Institute of Technology.
In the US, the number of data breaches rose by nearly a fifth in the first nine months of this year, compared to the whole of last year, it said.
That highlights the need for more stringent protections, most notably end-to-end encryption, the system in which only those communicating with each other can see the messages being sent, the report said.
“Organisations must rethink the amount of data they collect and, especially, limit the amount of unencrypted consumer data they retain. It’s also why, in the last year, technology platforms and other industry players have expanded their use of end-to-end encryption,” it said.
End-to-end encryption uses an algorithm that transforms standard text characters into an unreadable format. It uses encryption keys to scramble data so that only authorised users can read it.
The origins of E2EE, as it is also referred to, stretch back to the 1970s, but it gained attention with the emergence of WhatsApp, which touted the key privacy feature. In 2014, Meta, then known as Facebook, bought WhatsApp for $19 billion.
The most obvious reason to use E2EE is that it guarantees the security and privacy of content being shared between users. This is not limited to regular users: businesses can also benefit greatly from E2EE, as it can protect sensitive data and information such as financial and legal documents.
Technology companies are increasingly boosting their ecosystems' security by rolling out several encryption features, according to the Apple-MIT study.
In 2011, Apple – known for its stringent security on its software and devices – made iMessage the first widely available messaging service to provide E2EE by default. It also rolled out Advanced Data Protection for iCloud in December 2022.
In February, Alphabet's Google expanded client-side encryption to include additional Google Workspace products such as Gmail and Calendar.
Meanwhile, Meta Platforms this week said E2EE for personal chats on its flagship Facebook and Messenger applications is now activated by default, helping their more than four billion users boost their data security.
“Given the prevalence of data breaches and their real-life consequences for individuals, keeping personal data safe should be at the forefront of organisations’ priorities,” the study said.
Apple and MIT, however, cautioned that despite these efforts, companies may still fall short, especially as bad actors on the web can penetrate even the most robust of security systems.
“Recent trends continue to show that inventive hackers are becoming more sophisticated and aggressive. Ransomware attacks are at an all-time high, and ransomware gangs are increasingly targeting organisations that hold the most sensitive personal data,” it said.
The number of ransomware attacks spiked by nearly 70 per cent in the first three quarters of 2023, compared with the same period a year ago, the study said, citing data from US-based Corvus, which specialises in cyber insurance.
“Bad actors continue to pour enormous amounts of time and resources into finding more creative and effective ways to steal consumer data, and we won’t rest in our efforts to stop them,” Craig Federighi, Apple’s senior vice president of software engineering, said in a statement.
“As threats to consumer data grow, we’ll keep finding ways to fight back on behalf of our users by adding even more powerful protections.”