Data leakage attacks almost double

The research from Imperva shows the number of data leakage incidents accelerated in the second half of 2020. Between Q3 2020 and Q4 2020, there was a 47 percent increase in information disclosure through data leakage attacks. In the healthcare industry alone, the single-day peak for data leakage attacks in early January 2021 – 9,008 – is higher than any day in 2020.

Imperva expects this trend to continue in 2021 as more organizations realize the impact of the record volume of attacks they faced over the past 12 months. At the same time, the risk of significant financial and reputational damage from data leakage attacks has risen exponentially. In April 2020, the UK’s Information Commissioner’s Office (ICO) began issuing fines for personal data breaches under GDPR rules. Since then, fines have increased more than 20-fold: from £1.515m in the 12 months previous, to £39.65m. In addition, data from the ICO shows that between November 2019 and October 2020:

• Data leakage attacks, both online and physical, represented at least 59 percent of all data breaches reported to the ICO where the cause could be identified.
• UK organisations suffered at least 3,770 data breaches caused by accidental data leakage attacks.
• Healthcare was the most likely sector to suffer a data leakage attack, followed by education, finance, insurance and credit, legal and local government.

Imperva believes this is just the tip of the iceberg, as accelerated digital transformation projects are likely to introduce even more data security risks in 2021.

“Data security should never be an afterthought – but sadly it often is, particularly when organisations prioritise speed over security. The rush to maintain business continuity in 2020 has accelerated change at such a pace that huge gaps now exist in process and protection around data,” said Chris Waynforth, AVP Northern Europe at Imperva. “It is naïve to think that it is only human access to data leads to compromise. Over 50% of access requests to databases are coming not from users, but application to application. Privileged Access Management (PAM) simply isn’t enough anymore. It’s why Database Activity Monitoring should be a key component of a successful approach to protecting against data leakage attacks.” Waynforth continued: “Additionally, more data now resides outside the traditional IT perimeter; often in hybrid and multi-cloud environments, which are outside of the security team’s purview. The challenge now is to take stock and close any gaps that may have been created, but many don’t know where to start, or that they even have a problem.  This lack of focus on data security is likely to come home to roost in the year ahead, when data starts to show up across the dark web and customers are impacted.”

There are immediate actions organisations can take to protect their data:

• Discover and classify sensitive data – Understanding where data is stored, and the risk it poses to the organisation, is an essential part of forming a strategy. This includes rogue or dormant databases that have been forgotten inside the corporate network, or new databases that have been created in the cloud.
• Only keep what is necessary – If data has limited or no value as an asset but high liability – such as old customer data or financial reporting – it may be safer to delete the data.
• Control access – Database administrators, software developers and marketing specialists do not need access to the same data. Limiting what information employees can access, and how many records they can retrieve at once, reduces the risk of data leakage, whether accidental or deliberate.
• Monitor activity – Visibility of what users are doing with sensitive data is essential to identifying and preventing data leakage attacks. Being able to identify whether a user should have access to particular data; is using it in an appropriate manner; and is doing so during normal working hours, will help identify potential data leaks before they happen.
• Quarantine and triage – If the organisation identifies a potential data leakage attack it must be able to react quickly; alerting security teams, blocking users, quarantining data and reporting on activity so that the security team can triage the threat and ensure there is no risk.    

“Data security has to be built in from the ground up as an essential part of any digital strategy,” concluded Chris Waynforth. “Causes of data leakage can be as simple as misconfiguring a database, failing to have the right controls in place, or lapses in policy, procedure and user education. Risk management needs to start with the data, taking an inside-out view to ensure it is protected at every stage of its lifecycle. Correctly applied, this not only helps to reduce accidental data leakage, but also help protect against malicious attacks and strengthen organisational security as a whole.”