By Jessica Ellis | August 20, 2020
The digital presence of today’s enterprise looks very different than it did earlier in the year. The COVID-19 pandemic is forcing rapid change on how many businesses use technology. From transitioning to remote workforces to delivering new online services, digital transformation initiatives that would normally span years are happening in weeks and months. Under these conditions, the likelihood of experiencing a major incident due to data leakage is very high. So much so that a recent Gartner Emerging Technologies Report highlighted data leakage as a primary concern.
In Q1 of 2020, there was a 273% increase
in records exposed compared to Q1 of 2019. This data can be found on the dark web, paste sites, forums, and social media
. Although threat actors enjoy the anonymity that selling data on the dark web provides, the surface web allows leaked data to be exposed almost instantly to a massive audience across the globe.
There are various types of data leaks as well as ways they can damage an organization. The risk posed by data leaks can vary according to the sensitivity of the data and intent of the threat actors involved. Customer or employee Personally Identifiable Information (PII) such as social security numbers or bank account details can be used to conduct identity theft or fraud. Data dumps exposing stolen login credentials can lead to account takeover as well as enable attacks targeting systems where usernames or passwords are reused.
Threat actors can also target organizations by leaking internal communications, market strategies, or intellectual property. Exposure of this nature can bring negative attention to how an organization conducts business or devalue years of research and development. In addition, leaked source code can give cybercriminals direct access to hard coded credentials and internal applications.
The below are recent examples of data leaks.
In the first example the source code of a global financial institution is exposed on a paste site.
The second example is a leaked document belonging to a large communications company.
In the last example the threat actor leaks customer credit card numbers, login credentials and home address information.
The larger an organization’s digital presence, the greater chance they have of unwanted data exposure. The growing reliance on external digital channels in the midst of COVID-19 means that even small to mid-sized organizations face increased odds of data leaked through numerous channels. Gartner
recently reported that comprehensive Digital Risk Protection
Services are critical to protect digital assets.