According to the Global Data Leakage Report 2017 prepared by InfoWatch Analytical Center and based on publicly available information, the number of compromised data records worldwide, including social security numbers, bank card details, and other critical information, grew more than four-fold year over year, from 3.1 billion to 13.3 billion. During the period under review, global mass media and other open sources reported a total of 2,131 data leaks from enterprises, which is 37% more than in 2016.
In addition, 39 mega leaks (at least 10 million records each) accounted for some 13 billion records or almost 99% of all data stolen worldwide. Compared to 2016, the number of global mega leaks dropped by 12%, while the number of compromised records per mega leak increased almost five-fold to reach 336 million.
“Once again, the global leak picture changed a lot, mainly due to the digitalization of economic, political, social, and other sectors of life,” said Sergey Khayruk, Analyst at InfoWatch Group. “The volume of compromised data records and leak intensity surpassed all expectations mostly due to new data storage and processing approaches. Instead of keeping and handling customer, employee, and citizen details in different offices and branches like they did before, governments and enterprises now leverage emerging technology to centrally collect information and thus maximize Big Data benefits.”
The share of insider-driven mega leaks grew from last year’s 13% to 54% in 2017, with internal offenders being responsible for some 60% of all leak incidents. The majority (≈53%) of cases were caused by rank-and-file employees, which is 10 percentage points (p.p.) higher than in 2016, while some 3% were triggered by privileged users, such as top managers, heads of business units, and system administrators.
In terms of incident patterns, unskilled leaks unrelated to access abuse or data fraud shaped 83% of cases.
“Increasingly aggregated and centralized data storages once again bring up the issue of an insider whose errors and other actions may cause more and more grave consequences, leading to leaks,” the report notes.
Despite 7 p.p. drop YoY, user data still takes the largest share in the global structure of compromised information, with 86% of leaks involving personal and financial data, with the share of payment data leaks growing by 13.8 p.p. to exceed 20% of the total volume.
“When it comes to leaks, one of the main concerns has always been that nobody could accurately quantify the damage and thus measure the effectiveness of protection tools,” noted analyst Sergey Khayruk, InfoWatch Group. “Today, we can see many cases when damage is assessed in terms of money, which means that enterprises can evaluate their financial losses caused by data leaks. Therefore, cybersecurity specialists can justify the return on investment in enterprise information security measures.”
For example, to mitigate the consequences of a huge data breach compromising personal data of over 145 million people, Equifax, a credit reporting agency, had to pay $87.5 million in Q3 2017. Thus, the company spent $55.5 million in direct costs, $17.1 million in incident response and professional fees, and $14.9 million more in customer compensations.
Just like in 2016, the majority of 2017 leaks preferred the network channel, while leaks via email grew to 13%. Compared to 2016, there were fewer data leaks via removable media and those involving paper documents and equipment theft/loss.
The report authors believe that even though the data leak breakdown by channel remains the same, brand-new technologies can emerge and require DLP tools to better adapt to enterprise infrastructure and secured objects.
Data leaks were detected most often in healthcare (17.4%), high-tech (16.7%), and government (16.5%) sectors, while most rarely, in local authorities (5.5%) and manufacturing and transport enterprises (5.3%).
High-tech, retail, and government sectors had the largest volume of data compromised (32%, 27%, and 23%, respectively), with the share of data leaks in the government sector going up four times.
Both in 2016 and 2017, the most attractive for criminals were high-tech companies, banks, and financial institutions, with more than a half of the leaks compromising data being of malicious nature there.
“Industry-specific leakage landscape is shaped by data liquidity on the black market and alleged data security maturity, with both factors being relatively stable. However, the need to store and process large data volumes, for example, due to the digitalization of traditional industries, can reinvent information processes there and affect the general picture as well,” InfoWatch Analytical Center experts say.