The digital presence of today's enterprise looks very different than it did earlier in the year. The COVID-19 pandemic is forcing rapid change on how many businesses use technology. From transitioning to remote workforces to delivering new online services, digital transformation initiatives that would normally span years are happening in weeks and months. Under these conditions, the likelihood of experiencing a major incident due to data leakage is very high. So much so that a recent Gartner Emerging Technologies Report highlighted data leakage as a primary concern.
In Q1 of 2020, there was a 273% increase in records exposed compared to Q1 of 2019. This data can be found on the dark web, paste sites, forums, and social media. Although threat actors enjoy the anonymity that selling data on the dark web provides, the surface web allows leaked data to be exposed almost instantly to a massive audience across the globe.
There are various types of data leaks as well as ways they can damage an organization. The risk posed by data leaks can vary according to the sensitivity of the data and intent of the threat actors involved. Customer or employee Personally Identifiable Information (PII) such as social security numbers or bank account details can be used to conduct identity theft or fraud. Data dumps exposing stolen login credentials can lead to account takeover as well as enable attacks targeting systems where usernames or passwords are reused.
Threat actors can also target organizations by leaking internal communications, market strategies, or intellectual property. Exposure of this nature can bring negative attention to how an organization conducts business or devalue years of research and development. In addition, leaked source code can give cybercriminals direct access to hard coded credentials and internal applications.
The below are recent examples of data leaks.
