InfoWatch Analytical Center has released a report on confidential data leaks from organizations in the Middle East for 10 months of 2017. The report is based on intelligence on compromised data, which belongs to profit and non-profit organizations and government authorities, published in mass media and other open sources.
External attacks were the number one leak cause in the region, accounting for 80% of all incidents (compared to only 40% globally).
Internal attacks were often caused by privileged users, such as systems administrators and other technical specialists having elevated data access privileges, with almost 12% of confidential data leaks being internally driven in the Middle East (vs. just 1% globally).
In the leak breakdown by compromised data type and affected sector, the Middle East does not follow the global pattern as well. One in four incidents here compromises trade secrets (know-how), as compared to only 3% worldwide, while state secrets are leaked in 12.5% of cases (versus less than 4% globally).
“The Middle East is a region of geopolitical interest for many major players, with some of them not being good neighbors at all,” said Sergey Khayruk, Analyst, InfoWatch Group. “This is why a major share of incidents here result from politically motivated cyberattacks, and any state secret related information is of value as it can be used in a political struggle.”
The finance and manufacturing sectors faced a half of all leaks in the Middle East (compared to no more than 16% worldwide).
“All over the world, intruders are hunting for huge volumes of personal data,” added Sergey Khayruk. “However, this is not true for the Middle East, with local cyber criminals targeting the most liquid data and, hence, banking, manufacturing, government, and hi-tech sectors.”
Just like everywhere in the world, browsers and cloud storages turned out to be the most popular leak channels in the Middle East (82% of cases), followed by removable media. All other incidents involved equipment theft and loss, paper documents, and leaks via email. Globally, browsers and cloud storages were used in 61% of data leaks, followed by email (23%), and paper documents (8%).