The number of data leakage incidents grew by an “unprecedented” rate in 2020, a new report from Imperva argues. Through online means alone, not counting leaks caused by lost hardware or word of mouth, Imperva researchers tracked a 93 percent rise.
By the end of the year, Imperva had identified a total of 1.7 million leaks, with the the number growing even faster in the second half of the year. Between Q3 and Q4, there was a 47 percent increase.
Imperva expects the data leakage trend to continue “as more organizations realize the impact of the record volume of attacks they faced over the past 12 months.” It seems we are already on the right track, as a single day in January this year saw 9,008 data leakage attacks, more than any day in 2020.
Further, with increased risk and increased leakage also came a larger quantity of fines. Since the Information Commissioner’s Office (ICO) began issuing fines for breaches of GDPR, they have increased in aggregate size by more than 20 times – rising to $54.22m last year.
“The rush to maintain business continuity in 2020 has accelerated change at such a pace that huge gaps now exist in process and protection around data,” said Chris Waynforth, AVP Northern Europe at Imperva.
“It is naïve to think that it is only human access to data leads to compromise. Over 50 percent of access requests to databases are coming not from users, but application to application. Privileged Access Management (PAM) simply isn’t enough anymore. It’s why Database Activity Monitoring should be a key component of a successful approach to protecting against data leakage attacks.”
“Additionally, more data now resides outside the traditional IT perimeter; often in hybrid and multi-cloud environments, which are outside of the security team’s purview,” Waynforth continued. “The challenge now is to take stock and close any gaps that may have been created, but many don’t know where to start, or that they even have a problem. This lack of focus on data security is likely to come home to roost in the year ahead, when data starts to show up across the dark web and customers are impacted.”