Data leakage attacks grew by 93 percent in 2020, shows Imperva research
- Published: Friday, 29 January 2021 09:31
Imperva researchers monitored an unprecedented 93 percent rise in the exposure of information through online data leakage attacks in 2020 - incidents where data was transmitted from an organization’s corporate network to an external destination, whether accidentally or deliberately, without authorisation. This came at a time when organizations further evolved their traditional IT infrastructure into an ecosystem of APIs, microservices and hybrid or multi-cloud environments. Imperva’s researchers detected 883,865 data leakage attacks worldwide at the start of 2020; by December, that number had soared to more than 1.7 million. When considering that data leakage can also happen via physical means, for instance through lost or stolen devices or verbal communication, the final figure of all data leakage will be even higher.
The research from Imperva shows the number of data leakage incidents accelerated in the second half of 2020. Between Q3 2020 and Q4 2020, there was a 47 percent increase in information disclosure through data leakage attacks. In the healthcare industry alone, the single-day peak for data leakage attacks in early January 2021 – 9,008 – is higher than on any day in 2020.
Imperva expects this trend to continue in 2021 as more organizations realize the impact of the record volume of attacks they faced over the past 12 months.
There are immediate actions organizations can take to protect their data:
- Discover and classify sensitive data – understanding where data is stored, and the risk it poses to the organization, is an essential part of forming a strategy. This includes rogue or dormant databases that have been forgotten inside the corporate network, or new databases that have been created in the cloud.
- Only keep what is necessary – if data has limited or no value as an asset but carries high liability, such as old customer data or financial reporting, it may be safer to delete the data.
- Control access – database administrators, software developers and marketing specialists do not need access to the same data. Limiting what information employees can access, and how many records they can retrieve at once, reduces the risk of data leakage, whether accidental or deliberate.
- Monitor activity – visibility of what users are doing with sensitive data is essential to identifying and preventing data leakage attacks. Being able to identify whether a user should have access to particular data, is using it in an appropriate manner, and is doing so during normal working hours will help identify potential data leaks before they happen.
- Quarantine and triage – if the organization identifies a potential data leakage attack, it must be able to react quickly: alerting security teams, blocking users, quarantining data and reporting on activity so that the security team can triage the threat and ensure there is no risk.