In H1 2016, for the first time ever, we faced a case of personal data being compromised by political hacktivists. Thus, data leakage entered the agenda of both business and politics and became one of the most noticeable newsbreaks during the current U.S. election campaign.
In H1 2016, InfoWatch Analytical Center registered 840 confidential data leaks, which is 16% more than in H1 2015
Примечательно, что среднее количество записей, которые скомпрометированы в ходе одной утечки, мало отличается от отрасли к отрасли.
В организациях среднего размера зафиксировано существенно больше утечек, чем в крупных компаниях. В ряде случаев совокупный объем скомпрометированных записей в средних компаниях равен совокупному объему скомпрометированных записей в крупных компаниях в пределах одной отрасли.
In H1 2016, the share of data leaks from government agencies increased by 2 p.p. up to 20%, while the share of leaks from commercial companies reduced to 80%.
In terms of geography, in H1 2016 the US traditionally ranked first with 451 leakage incidents or 54% of the total volume. Russia has retained the second position (110 leaks) once taken back in H1 2013. The UK rounded out the top three with 39 leaks.
Traditionally, Russia came in second with 110 leaks
In 2014, we declared the dawn of the era of 'mega leaks'.
Over the past two years, the situation has become even worse, with 23 mega leaks recorded in H1 2016. Mega leaks chalk up the majority of compromised personal data and payment details, with this share increasing YoY.
External attacks are the key contributor to the increase in compromised data volume, but, despite our forecast, their share didn't grow.
Evidently, external attacks cause the greatest damage and shape the leakage landscape. However, malicious insiders must also be taken into account.
In H1 2016, for the first time ever, we faced a case of personal data being compromised by political hacktivists.
Thus, data leakage entered the agenda of both business and politics and became one of the most noticeable newsbreaks during the current U.S. election campaign.
Internal violators get more skilled and avoid emails, instant messengers, or removable media today.
Technically savvy intruders know that the cutting-edge control tools can intercept the transfer of confidential information through the above channels, and so they don't risk being caught. Such offenders prefer covert, uncontrolled channels where data protection tools are poor or ineffective.
However, according to the data we have, security developers managed to adapt theirs solutions to infrastructure changes to some extent.
In addition to popular channels, leaks are now detected in the voice channel as well, both accidental (as reported before) and intentional.
The most appealing for offenders and thus the most vulnerable industries were hi-tech, trade, and banks.
Hi-tech companies recorded the largest volume of compromised data (excluding mega leaks). Medium-size businesses suffer from personal data leaks more than large-size corporations do.
The data leaks agenda is becoming more and more transparent, which is a very good sign.
Hopefully, in the near future we will not only discuss leaks, data types, channel specifics, but also evaluate protected assets being compromised as a result of attacks, as well as actual financial losses suffered by companies due to leaks of specific data types. Such evaluation will bridge the gap between information security and business, thus making information security a mission-critical issue for business owners.