InfoWatch Analytical Center www.infowatch.ru/analytics Global Data Leakage Report, H1 2016 © InfoWatch Analytical Center, 2016 InfoWatch Analytical Center Global Data Leakage Report, H1 2016 Table of contents Table of contents .............................................................................................................. 2 In figures .......................................................................................................................... 3 Summary .......................................................................................................................... 4 Methodology ..................................................................................................................... 4 Report findings ................................................................................................................. 7 Leak channels ................................................................................................................ 13 Industry map .................................................................................................................. 16 Regional specifics .......................................................................................................... 19 Conclusion and findings ................................................................................................. 21 Leakage monitoring on InfoWatch's website .................................................................. 22 Glossary ......................................................................................................................... 23 2 InfoWatch Analytical Center Global Data Leakage Report, H1 2016 In figures In H1 2016, InfoWatch Analytical Center registered 840 data leaks revealed (in the media and other sources) worldwide, which is 16% more than in H1 2015. The data leaks resulted in 1.06 million personal data records being compromised, including social security numbers, bank card details, and other critical data. External attacks were behind 33% of the data leaks, while 67% of the leaks were caused by internal offenders. 23 mega leaks occurred in H1 2016, each resulted in the loss of more than 10 million personal data records. The mega leaks harvested 92% of all the records compromised. Inside companies, employees were responsible for 67% of the leaks, while executives caused 1% of the cases. Russia came in second in terms of the number of leaks known to the public. Over the reporting period, 110 confidential data leaks hit Russian companies and government agencies. 3 InfoWatch Analytical Center Global Data Leakage Report, H1 2016 Summary This is a report on confidential data leaks in H1 2016 prepared by InfoWatch Analytical Center. Data leak reports have occupied the front pages of media because attacks are widespread, compromise millions of data records and hit well-known brands: Alibaba, Amazon, American Express, Apple, Baidu, Blizzard Entertainment Inc, BMW, Credit Suisse Group AG, Dell, eBay, Etihad Airways, Facebook, Google, Huawei, id Software, IRS, LinkedIn, McDonald’s, Microsoft, MySpace, Neiman Marcus Group, Nokia, Seagate Technology, Time Warner Cable, T-Mobile, Tumblr, Twitter, Uber, Valve, Verizon Communications Inc, Vodafone, VTech, Wal-Mart Stores Inc, and Yahoo. Attacks were also aimed at government agencies, regional administrations, ministries, law enforcement authorities, and police offices, including even U.S. Internal Revenue Service, U.S. Department of State, and Donald Trump’s campaign headquarters. First in H1 2016, we saw a trend of political hacking, also known as hacktivism, with attacks targeted at election committees and intruders stealing dozens of millions of data belonging to Philippine, Mexican, Turkish, and US voters. The U.S. President election campaign is currently suffering from regular scandals related to server hacks and data leaks. In our Global Data Leakage Report, we assume that the more valuable digital information gets, the more data leaks and the greater volumes of compromised information we will face in the future. The growth rates may vary by region depending on the overall digital ecosystem maturity, digital data value and relevance. However, an increase in the number of leaks and the amounts of compromised data is a global trend, which, regardless of any region, is powered by emerging opportunities for data utilization in the digital world (online services, e- commerce, e-money, and digitalized intellectual property). Evidently, the more such opportunities emerge on a global scale, the more interested criminals are in digital data. Therefore, we believe that the static and dynamic analysis of global data leaks highlights the data protection challenge for all persons concerned and vividly shows what channel is the most vulnerable now and why; what industry is the most attractive for cybercriminals; and what is more dangerous: an external attack or malicious insider’s activities. The authors have no doubts that the results will be of interest to information and economic security practitioners, journalists, business owners, and executives who operate restricted information (trade, bank, and tax secrets) or other valuable information assets. Methodology The report is powered by the InfoWatch Analytical Center's own database updated and managed by its experts since 2004. The database aggregates publicly available cases1 of data leaks2, which hit commercial and non-commercial (public, municipal) organizations and resulted from malicious or negligent actions3 by employees or other parties4. The InfoWatch leak database consists of several thousand registered incidents. Where possible, each leak being logged into the database (if such information is available 4 InfoWatch Analytical Center Global Data Leakage Report, H1 2016 in the leak report) is classified according to several criteria such as organization size5, field of activity (industry), size of damage6, leak type (by intent), leak channel7, and types of leaked data. Until recently, data leaks caused from the outside (targeted attack, phishing, web hacking, etc.) were not on our radar. Since 2014, such data leaks have also been added to the database, along with internally-driven data leaks. The leak criteria list now includes an attack vector8. Moreover, since 2014 incidents have been classified by nature of intruder's actions. The report also covers cases when either officers abuse their authorized data access to cash in on payment details, insider information, etc. or employees get data they do not need for the job (beyond their access rights). The research covers a maximum of 1%9 of all assumed leaks. However, InfoWatch selected leak classification criteria in such a way that each category could contain sufficient or excessive number of elements (actual data leaks). This approach to survey fielding allows having theoretical sample, with the findings and trends identified in the sample being representative for the entire assembly. The report authors deliberately excluded both inadequately large data leaks (over 10 million personal data records) and too small incidents (less than 100 records) from the industry- specific map and diagrams provided in the 'Industry-specific Map' section in order to avoid any misrepresentations. The use of a limited sample for diagrams in the above section is expressly specified. When preparing diagrams (breakdowns), we excluded from the sample those leaks, which were not defined according to the breakdown criteria. For example, breakdown by attack vector (external threats, malicious insider’s activities) does not contain leaks with a non-defined vector. The same goes for breakdowns by person responsible, intent and other criteria. If the data is compared year-on-year, the previous year sample is adjusted (’non-defined’ leaks are also removed). 1 Information about data leaks published by government agencies, mass media, bloggers, as well as Internet forums, and other open sources. 2 Information (data) leak means an act or omission made by a person, who has authorized access to confidential information, and leading to the loss of control over such information or confidentiality breach due to either inside or external attack. 3 Data leaks are divided into intentional (malicious) and unintentional (accidental) depending on whether or not a guilty party had intention to cause a leak (see the Glossary). The terms "intentional/malicious" and "unintentional/accidental" are equal and used as synonyms herein. 4 In this report, leaks are broken down by offenders. For the first time, along with malicious insiders, the classification includes external offenders. 5 InfoWatch Analytical Center ranks companies by size depending on the known or alleged number of personal computers (PCs): small companies with up to 50 PCs; medium-size, with 50 to 500 PCs; and large, with over 500 PCs. 6 Information about damage and the number of records compromised is obtained from mass media publications. 7 "Leak channel" means a certain scenario when acts (omissions) by a corporate information system user in relation to hardware or software services result in the loss of control over information or a breach of confidentiality. For leak channel classification, see the glossary. Leak channels are determined only for the leaks caused by acts/omissions of internal offenders. 8 "Attack vector" means a path of intruder behind data leakage, including intruder's attacks on company's web assets and IT infrastructure from the outside and insider's unauthorized
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages23 Page
-
File Size-