Insiders Compromise Three Times More Data than External Intruders in H1 2018

InfoWatch Analytics Center has released a global report on confidential data leaks in H1 2018. The period under review saw a total of 1,039 registered leaks, 12% more than in H1 2017. For the first time in the history of InfoWatch reports (published since 2004), the volume of globally compromised records dropped by more than three times (from 7.8 billion to 2.4 billion records year on year). The volume of externally compromised data fell tenfold to some 0.5 billion records, while the number of records exposed from the inside exceeded 1.5 billion, including personal information and payment details.

“The leakage landscape is changing, with internally-driven incidents becoming the number one problem. Today, criminals no longer go for just data itself. Unless aggregated, such data does not cost much. However, it still contains valuable insights that can be retrieved using advanced technology,” noted Sergey Khayruk, Analyst at InfoWatch Group. “Organizations usually operate huge volumes of structured data and strive to expand their data storages. Our survey shows that malicious insiders pose the main threat today. While most accidental leaks are detected automatically, malicious ones are harder to prevent as insiders have enough time and technology to go under the radar.”

Among the data leaks registered in H1 2018, 651 (two thirds) were caused by insiders, while 358 were triggered by intruders from the outside.

In several sectors such as banking and manufacturing, over 60% of personal data breaches were of malicious nature.

The reporting period saw 15 registered incidents with over a million records leaked in each case, as well as 21 mega leaks of 10+ million records each; mega leaks accounted for a total of 2.3 billion (or 97%) of the records compromised worldwide.

Globally, the network was once again the most common leak channel (70% of incidents) and the one most often used for advanced attacks, which inflicted the greatest damage on organizations. At the same time, monitored data channels, such as email and paper documents, accounted for a small share, slightly over 10%, of malicious breaches. Accidental, unskilled leaks are common not only over the network but also through paper documents, email, and equipment loss or theft.

In terms of the person responsible, rank-and-file employees were behind the majority (56%) of all data leaks; privileged users (top managers and system administrators) and contractors triggered approximately 4% and over 3% of cases, respectively; the remaining 38% of leaks were caused by external offenders.

Just like in H1 2017, the majority (90%) of incidents were aimed at the most sensitive data, i.e. personal information and payment details.

When it comes to leak type, the largest share still belongs to unskilled leaks unrelated to access abuse or data fraud, while all skilled breaches in aggregate did not exceed 15% in H1 2018.

The largest number of incidents took place in the high-tech (21.3%), healthcare (19.5%) and government (13%) sectors. In terms of the volume of records compromised, organizations whose personnel handle easy-to-sell data suffered most: high-tech companies, including online services and large portals (25.6% of records), government (13%) and municipal authorities (20%).

“The enterprise cybersecurity industry is changing along with the leakage landscape,” said Sergey Khayruk. “While the traditional threat model differentiated merely between internal and external threats, today’s data protection strategy is shifting to an intentional/unintentional paradigm, regardless of incident vector. Such hybrid information security models will most likely win the market with the ever-increasing role of security tools capable of monitoring human activity, such as deviations from employee/privileged user behavior patterns. DLP systems also evolve, moving towards end-to-end protection based on multi-factor behavior analysis, and already work hand in hand with User and Entity Behavior Analytics (UEBA) solutions, analyzing keystroke patterns, data from access control systems, and CCTV video feeds.”