A vast majority (91%) of companies experience data leaks due to insiders’ actions.

According to SearchInform analysts, who studied security incidents in more than 100 companies, malicious actors are generally interested in technical information (blueprints and schemes, design documentation, laboratory test data, etc). This category of corporate information accounts for one-third of all leaks.

A further 17% are leaks of accounting and financial documents (reports, invoices, budget estimates, payroll information, etc).

Personal data leaks account for about 5% of all incidents. However, the small percentage doesn’t indicate insignificance of these leaks. Due to the peculiarities of personal data storage, in case of leakage, big arrays of sensitive data are compromised, including full names, credentials, phone numbers and home addresses.

Sergio Bertoni, leading analyst at SearchInform, comments: “We pay special attention to personal data leaks due to their high public significance. When this information is publicly available, it can cause a lot of problems for the victims. Users face hacking of their accounts, become victims of social engineers, blackmailers, stalkers. For companies, this creates the risk of reputational losses, lawsuits from victims and regulatory sanctions.”

USBs and other types of external devices (including smartphones connected via USB) remain the most popular information leak channel. In 21% of cases information is exposed via email, and in another 19% of cases it is uploaded to cloud storage services.

Sixty percent of information leaks happen due to unintentional actions by employees: mistakes, inattention, and poor understanding of information security rules.

Bertoni says: “Employees may try to take information outside the perimeter without a solid understanding that these are documents with sensitive information.

“Moreover, they often become victims of phishing attacks and send sensitive data to fraudsters, thinking that they are communicating with legitimate recipients (colleagues or government representatives).

“Companies can significantly reduce the risk of such leaks by investing efforts in developing corporate IS culture, employees’ IS literacy, and by deploying technical protection tools. To protect data against intentional leaks, software should not only protect all popular data transfer channels, but help to conduct retrospective investigations as well.”