InfoWatch Analytical Center, in a report, released a report on data leaks from high-tech companies in 2016, revealed that data leaks have grown by 30% while high-tech companies accounted for almost 75% of all globally compromised data.
That is 2.3 billion records from High-Tech co’s that were breached, stolen, hacked said the report, representing 87% personal data.
Number of data leaks and volume of compromised personal data in the high-tech sector
share of high-tech companies in the total volume of data records compromised globally, 2015-2016
“We are witnessing more and more leaks and compromised data in the high-tech companies, where information, including customer data, is usually a key asset, and therefore any leak can have a disastrous impact on business,” said Sergey Khayruk, Analyst at InfoWatch Group.
In 2016, personal data of hundreds of millions of users were stolen from popular social media, such as Facebook, Foursquare, GitHub, iCloud, LinkedIn, MySpace, Snapchat, Telegram, Tumblr, and Twitter. Moreover, hackers successfully attacked the largest email services, including Gmail, Hotmail, Yahoo, and Mail.ru, and pilfered customer details from telecom companies, such as Deutsche Telekom, Three UK, Verizon, and others.
In 2016, 31 mega leaks compromised more than 95% of data leaked in the high-tech sector, with 10+ million records leaked in each such case. Attackers compromised much more personal data, while the shares of payment details, trade secrets, and know-how shrank in the total number of leaks.
Despite the growing number of leaks caused by external attackers, insider-enabled leaks are no less dangerous for high-tech companies. Thus, even though the high-tech sector suffered 15% more leaks by third parties compared to 2015, the leak damage breakdown by attack vector remained almost the same.
In 2016, the high-tech companies saw more malicious leaks and skilled leaks associated with fraud or access abuse.
“IT market players aggregate huge volumes of user data and thus are eager to use Big Data to analyze structured and unstructured information and other tools, which dramatically evolved in terms of technology and functionality,” noted Sergey Khayruk. “However, the more data is being generated, processed, and stored, the higher the risk of external attacks on corporate resources. At the same time, internal offenders gain more ground, forcing IT companies to use not only effective tools to combat attacks, but also advanced multi-functional DLP systems. Moreover, the soaring number of skilled leaks calls for adding User Behavior Analytics (UBA) to the existing cybersecurity toolbox.”
The report is based on the InfoWatch Analytical Center’s own database that aggregates public notifications of data leaks, which hit profit and non-profit (public, municipal) organizations and resulted from malicious or negligent actions by employees or external offenders. The research covers a maximum of 1% of all assumed leaks.
The high-tech sector report addresses data leaks from software and hardware vendors, telecom operators, as well as Internet providers, search engines, social media, and IT services.
The sampling does not include confidentiality breach and other incidents (such as DDoS attacks) that did not result in data leaks, or leaks from an unclear data source (where the compromised data owner cannot be identified).
InfoWatch Group is a Russian vendor of end-to-end enterprise cybersecurity solutions that effectively protect businesses against the most pressing internal and external threats. InfoWatch annually boosts its product and solution sales and leads the DLP markets in Russia and the CIS, making its products commercially available in Western Europe, the Middle East, India and Southeast Asia.