According to InfoWatch Analytical Center, global mass media and other open sources reported 925 confidential information leaks in H1 2017, which is 10% more than in H1 2016. In January-June 2017, data leaks caused 7.78 billion personal and payment data records being compromised, including social security numbers, bank card details, and other critical data, as compared to 1.06 billion during the same period in 2016 and some three billion records compromised for the entire 2016 globally.
Such dramatic growth in H1 2017 was due to 20 mega leaks (10+ million records each) that accounted for 98% of all personal and finance data compromised. Compared to H1 2016, there were 20% more payment data leaks and 20% fewer personal data leaks.
Internal offenders caused 58% of global cases, with an average number of compromised records soaring up to 13.6M records per leak caused by external intruders (2.4M in 2016) and 4.5M records per leak by malicious insiders (0.8M in 2016).
“Since the beginning of 2017, we have been witnessing the sprawl of compromised data and damage caused by sensitive information leaks,” said Sergey Khayruk, Analyst, InfoWatch Group. “Digital economy development makes cybersecurity move beyond its own sector and become a topic of discussion at the highest possible level. An increasingly better understanding of data leaks should contribute to overall information security awareness, even in Russia, where affected organizations are starting to assess damage caused by a particular leak. To minimize these risks, enterprises need an integrated approach to cybersecurity, including tools for protection against internal and external threats.”
The share of data leaks associated with unauthorized data access (abuse of access privileges and internal espionage) are less than 8% of all cases, while unskilled leaks unrelated to the abuse of access privileges or data fraud are recorded in 84% of cases.
Compared to H1 2016, the reporting period saw more leaks through the network channel and email and fewer leaks through equipment loss/theft, removable media, and paper documents.
The most marketable payment details mostly leaked via browsers or cloud storages (45%) and corporate email (44%). Data leaks were detected most often in healthcare and least often in manufacturing and transport sectors. Hi-tech companies, including online services and major portals, recorded the largest volume of compromised data, while 16% of all compromised records leaked from government authorities.
Over the reporting period, criminals were mostly interested in banking and high-tech sectors, where more than a half of the personal data leaks were of malicious nature.
“Commercial and governmental services operate an ever-growing volume of electronic and therefore extremely marketable data,” noted Mr. Khayruk. “Both high-tech and financial sectors are very exposed to data leaks and extremely attractive to intruders, with the majority of data being compromised there maliciously. At the same time, these very sectors drive digital economy, which, as it evolves, requires better regulation and cybersecurity for digital transformation processes.”