IT upgrades in 2020 led to surge in data leakage

The surge came as organizations evolved their traditional IT infrastructure into an ecosystem of APIs, microservices, and hybrid and multi-cloud environments.
1 February 2021
  • The year started with 883,865 data leakage attacks worldwide but ended with more than 1.7 million
  • There was a 93% rise in the exposure of information through online data leakage attacks in 2020
  • The surge comes with organizations evolving their traditional IT infrastructure, says Imperva

The overnight move from the office to remote working, for many at least, seemed to go without a major hitch. Under the surface, as organizations evolved their traditional IT infrastructure into an ecosystem of APIs, microservices, and hybrid and multi-cloud environments, 2020 marked the biggest year on record for data leakages — where data is transmitted from an organization’s corporate network to an external destination without authorization.

Imperva researchers found a 93% rise in the exposure of information through online data leakage attacks in 2020. At the start of the year alone, a staggering 883,865 data leakage events (which can be caused accidentally or deliberately) were detected worldwide and, by December, that number had soared to more than 1.7 million.

The data shows that the number of data leakage incidents accelerated in the second half of 2020 and, between the third and fourth quarter, there was a 47% increase in information disclosure through data leakage attacks.

In the healthcare industry alone — one which is highly targeted by attackers due to the sensitive nature of its data — the single-day peak for data leakage attacks in early January 2021 (9,008) came out higher than any day in 2020.

The trend is expected to continue in 2021 as more organizations realize the impact of the record volume of attacks they faced over the past 12 months.

Fines issued by the UK’s Information Commissioner’s Office (ICO) since April 2020 have also increased more than 20-fold: from US$2 million in the previous 12 months to US$54 million.

Biggest data breaches in 2020

On January 30, security researcher Jeremiah Fowler discovered a database online that contained what he says was “a massive amount of records.” The database belonged to cosmetics giant Estée Lauder and contained a total of 440,336,852 records.

Fowler told Forbes that the entire database was accessible to anyone with an internet connection, so anyone could potentially have accessed or stolen the data while it was unprotected. The records contained user emails in plain text, references to reports and other internal documents, IP addresses, ports, pathways, and storage information.

In a statement, the company noted that the database was from an “education platform,” which did not contain consumer data. No evidence was found of unauthorized use of the data.

The user-generated stories website Wattpad in June 2020 suffered a huge data breach that exposed almost 268.745.495 million records. The data was initially sold in private sales of over US$100,000 and then published on a public hacking forum where it was broadly shared for free, according to Bleeping Computer.

The hotel chain Marriott announced another major security breach on March 31, 2020, that impacted data from more than 5.2 million hotel guests who used the company's loyalty application.

Zoom experienced a spike in usage due to the pandemic and became vulnerable to multiple security threats, and ultimately became a victim of a data breach. In the first week of April 2020, reports of more than 500,000 stolen Zoom passwords available for sale in dark web crime markets shook the users of the application.

This month, the European Medicines Agency (EMA) was subject to a data breach, with Pfizer and BioNTech Covid-19 vaccine data leaked online by threat actors.

What should businesses do to avoid data leakage?

Imperva believes the reported hike in data leakage is just the tip of the iceberg, as accelerated digital transformation projects are likely to introduce even more data security risks in 2021.

There are immediate actions organizations can take to protect their data, including discovering and classifying sensitive data, keeping only the data that is necessary, and controlling access, including how many records employees can retrieve at once, which in turn would reduce the risk of data leakage, whether accidental or deliberate.

Organizations should also quarantine and triage. If the organization identifies a potential data leakage attack, it must be able to react quickly: alerting security teams, blocking users, quarantining data, and reporting on activity so that the security team can triage the threat and ensure there is no risk.
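
The record-retrieval limit and the alert/block reaction described above can be sketched as follows. This is an added example, not code from Imperva or the original article; the log format, thresholds and function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit-log lines (not real data): timestamp, user, table, rows returned.
SAMPLE_LOG = """\
2021-01-12T09:00:05 user=alice table=patients rows=40
2021-01-12T09:01:10 user=bob table=patients rows=450
2021-01-12T09:02:30 user=bob table=patients rows=480
2021-01-12T09:03:45 user=bob table=patients rows=300
2021-01-12T09:04:00 user=carol table=patients rows=25000
2021-01-12T10:30:00 user=alice table=billing rows=60
malformed line without fields
"""

PER_QUERY_CAP = 1000           # assumed policy: max rows a single query may return
WINDOW = timedelta(minutes=10)
WINDOW_CAP = 1000              # assumed policy: max rows per user per rolling window


def parse_line(line):
    """Return (timestamp, user, rows), or None for lines that do not parse."""
    try:
        stamp, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        return datetime.fromisoformat(stamp), fields["user"], int(fields["rows"])
    except (ValueError, KeyError):
        return None


def triage(log_text):
    """Return (user, action, reason) findings in log order."""
    findings, recent = [], defaultdict(deque)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue               # unparseable lines are skipped, not trusted
        when, user, rows = event
        if rows > PER_QUERY_CAP:   # one oversized pull: block the user outright
            findings.append((user, "block", f"single query returned {rows} rows"))
            continue
        window = recent[user]
        window.append((when, rows))
        while when - window[0][0] > WINDOW:   # drop events older than the window
            window.popleft()
        total = sum(r for _, r in window)
        if total > WINDOW_CAP:     # many small pulls adding up: alert for triage
            findings.append((user, "alert", f"{total} rows within {WINDOW}"))
    return findings
```

The rolling window catches the case a per-query cap misses: a user who stays under the limit on every request but retrieves a large volume through repeated queries.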