InfoWatch Analytical Center has released a report on data leaks from high-tech companies in 2016, according to which the world saw approximately 30% growth in the number of such leaks and more than an eightfold increase in the volume of compromised data. The high-tech companies accounted for almost 75% of all globally compromised data (2.3 billion records), 87% of which were personal data.
“We are witnessing more and more leaks and compromised data in the high-tech companies, where information, including customer data, is usually a key asset, and therefore any leak can have a disastrous impact on business,” said Sergey Khayruk, Analyst at InfoWatch Group. “In 2016, personal data of hundreds of millions of users were stolen from popular social media, such as Facebook, Foursquare, GitHub, iCloud, LinkedIn, MySpace, Snapchat, Telegram, Tumblr, and Twitter. Moreover, hackers successfully attacked the largest email services, including Gmail, Hotmail, Yahoo, and Mail.ru, and pilfered customer details from telecom companies, such as Deutsche Telekom, Three UK, Verizon, and others.”
In 2016, 31 mega leaks compromised more than 95% of data leaked in the high-tech sector, with 10+ million records leaked in each such case. Attackers compromised much more personal data, while the shares of payment details, trade secrets, and know-how shrank in the total number of leaks.
Despite the growing number of leaks caused by external attackers, insider-enabled leaks are no less dangerous for high-tech companies. Thus, even though the high-tech sector suffered 15% more leaks by third parties compared to 2015, the leak damage breakdown by attack vector remained almost the same.
In 2016, the high-tech companies saw more malicious leaks and skilled leaks associated with fraud or access abuse.
“IT market players aggregate huge volumes of user data and thus are eager to use Big Data to analyze structured and unstructured information and other tools, which dramatically evolved in terms of technology and functionality,” noted Sergey Khayruk. “However, the more data is being generated, processed, and stored, the higher the risk of external attacks on corporate resources. At the same time, internal offenders gain more ground, forcing IT companies to use not only effective tools to combat attacks, but also advanced multi-functional DLP systems. Moreover, the soaring number of skilled leaks calls for adding User Behavior Analytics (UBA) to the existing cybersecurity toolbox.”
Background
The report is based on the InfoWatch Analytical Center’s own database that aggregates public notifications of data leaks, which hit profit and non-profit (public, municipal) organizations and resulted from malicious or negligent actions by employees or external offenders. The research covers a maximum of 1% of all assumed leaks.
The high-tech sector report addresses data leaks from software and hardware vendors, telecom operators, as well as Internet providers, search engines, social media, and IT services.
The sampling does not include confidentiality breach and other incidents (such as DDoS attacks) that did not result in data leaks, or leaks from an unclear data source (where the compromised data owner cannot be identified).
