Over 79% of leaks in Russia were the result of accidental or deliberate actions by employees. This is twice as much as in other countries.
In 72.1% of cases, the causes of information leakage were the actions of ordinary employees, in 4.6% of cases - top management, and 18.4% of leaks were caused by the actions of intruders.
60% of incidents are caused by intentional actions and 40% occur due to error or carelessness.
Hacking of a company's IT system accounts for 45% of all personal data leaks. According to analysts at Herjavec Group , in 2021, companies will fall victim to cyberattacks every 11 seconds. When an organization is hacked, the attacker finds a personal data base, leaks it, and puts it up for sale. This can happen due to untrustworthy providers and cloud service providers. To protect confidential data, when choosing a provider, it is important to pay attention to their compliance with Federal Law No. 152 "On Personal Data".
Seven common data leak scenarios:
loss by an employee of a memory card or belarus whatsapp data containing confidential information;
loss of a laptop on which restricted access information was processed;
erroneous forwarding of data via email to the wrong recipient;
mistakenly posting confidential information in the public domain;
accidental or intentional violation of security policy (forwarding or copying of classified information);
selection of credentials. An attacker only needs a laptop and a program to select data;
exploitation of web application vulnerabilities.
How to avoid data leakage
If a company works with personal data, it must protect it by law. Let's list what can be done to improve the level of information security.
The company's activities in processing personal data are regulated by the following documents:
Federal Law of the Russian Federation No. 152-FZ "On Personal Data";
Resolution of the Government of the Russian Federation No. 1119 “On approval of requirements for the protection of personal data when processing them in personal data information systems”;