InfoWatch, a global market leader in Data Leakage Protection solutions, issued its ‘Global Data Leakage’ report for the first half of 2014.
Out of the 654 leaks of confidential information that were recorded and reported in the media in the first half of 2014, it was found that employees were responsible for 71% of cases.
Based on the report, there were 32% more data leaks in first half of 2014 compared to the same period in 2013.
An estimated 450 million records were compromised, including financial and personal data across multiple sectors, with approximately 89% of information leaks involving personal data.
Direct data leaks involved 83% as cases of information compromise, 11% as leaks recorded in relation to employees using their job positions for personal gain, and 5% as leaks resulting from employees having increased access rights to information.
Vadim Kuznetsov, Director of International Sales of InfoWatch commented, “In 71% of cases the guilty parties in terms of information leaks were company employees – current or former (69.2% and 1.4%, respectively). Organisations should take note that the majority of leaks are happening from within, and that personal data is more often the target as it is used for purposes of fraud – crimes known as identity theft. Internal and external hackers try by any means to obtain access to bases with personal data of a company’s clients and employees, and they use this data to conduct fraudulent financial transactions. For organisations it is time to consider measure to prevent data leakage.”
The report is based on InfoWatch’s own database, which has been updated since 2004 that covers information leaks which have occurred in organisations as a result of the inadvertent or intentional actions of employees, and which have been reported in the media or other publicly available sources.
The InfoWatch Analytical Center provides a comprehensive analysis of confidential information leaks which makes it possible to estimate the level of data protection in various industries, and compare the overall picture of data leaks between mature and emerging markets in terms of Information Security regulations.
As of 2014, data leaks resulting from external attacks such as targeted attacks, phishing, and hacking a web resource have been added to the database. Besides that, incidents are now classified by the nature of the perpetrator’s activities. Along with the leaks, the report identifies instances where an employee who has legitimate access to data uses it for purposes of fraud, such as tampering with payment data and insider information, and when an employee obtains access to data that they do not need for the performance of their duties, such as exceeding access rights.
The statistics found in this report clearly show that leaks through “traditional” channels – mail, e-mail, paper documentation, theft and loss of equipment – still form the lion’s share of accidental leaks.
In the first half of 2014, the US occupied the first spot in terms of the number of global data leaks, with 417 reported during that period. Russia was second with 96 breaches, followed by the United Kingdom in third place with 41 leaks.