The share of intentional leaks of confidential data in Russia exceeded the world level and reached 79.7%, InfoWatch calculated. The worsening economic situation in the country has motivated public and private sector employees to illegally monetize data. The companies that made the leaks, first of all, bear reputational risks, experts say. To remedy the situation, they advise increasing the digital literacy of staff: thanks to vigilant colleagues, insiders will be less likely to get data.
Kommersant got acquainted with the InfoWatch study, which is devoted to information leaks with limited access for 2020. It follows from it that the share of intentional leaks in Russia (79.7%) exceeded the world one (76.8%) last year. Back in 2019, the Russian indicator was 47.7%, and the world indicator was 65.7%. In general, the Russian Federation occupied 16.9% of the global volume of information leaks. More than 40% of them were in technology and finance. In just a year, more than 100 million records of personal data and payment information were leaked.
The number of deliberate leaks from commercial and government organizations in Russia increased by 60% over the past year. Unscrupulous bank managers, employees of telecom operators and retailers deliberately committed crimes, leaking confidential data to interested parties or independently using client information for fraudulent purposes, experts at InfoWatch explain. The share of intentional leaks is growing worldwide: “If three or four years ago the rate of such violations in most countries did not exceed 50%, then in 2020 it was more than 70%.”
Krok and EveryTag analysts reported that against the background of the transition to remote work in Russia, the number of corporate data leaks using photographs or screenshots of screens increased: such leaks account for 35% of the total (see Kommersant, June 28). Experts attributed the growth of such incidents to the proliferation of security systems that make other ways of stealing data from companies impossible.
The pandemic not only contributed to digitalization, but also motivated hackers and employees to illegally monetize data, according to InfoWatch. Difficult economic conditions could push employees to sell data, analysts from Infosecurity a Softline Company agree: “Breaking the confidentiality regime has become less important for them than the opportunity to make money on the data.” Since the beginning of the pandemic, a noticeable number of incidents have been leaks from healthcare institutions, notes Alexei Parfentiev, head of the analytics department at SerchInform: “In Russia, according to our estimate, in 100% of cases there were intentional insider leaks”.
Experts find it difficult to assess the direct damage from deliberate data leaks. But the company that leaked is suffering indirect losses. “The leaking of the database leads to a gradual churn of customers, the leakage of data on the upcoming transaction can disrupt the M&A processes, the loss of personal data of users entails phishing attacks,” says InfoWatch.
The situation is complicated by the fact that there is virtually no cyber insurance in Russia, which is why companies often cannot measure the price of information, says Alexey Parfentiev. According to him, a survey of thousands of companies showed that 4% record large financial damage after leaks, and 25% – minor. Reputational losses, he said, were the most mentioned (27%).
Teaching employees the basics of information security could reduce the number of incidents of data compromise, says Elena Molchanova, a representative of the direction for increasing digital literacy at Kaspersky Lab: “Employees with high digital literacy treat data carefully, thus, an insider is much less likely to receive information: she it does not reach him thanks to vigilant colleagues. “