Story image

Employees, C-level & IT staff behind more than half of ASEAN data leaks

24 Oct 17

Top-level executives and employees may be to blame for more than half of data leakages in ASEAN countries, and only 44% are the result of external attacks, according to recent research from InfoWatch.

56% of data leakages involved Executives, employees, IT administrators and other authorized personnel – only slightly lower than the global statistics of 60%. 43.9% of attacks were caused by external attacks, compared with 38.2% globally.

Much of the leaked data in Southeast Asia, South Korea, India and Bangladesh comprised personal data (76.9%) and trade secrets (15.4%), as well as state secrets (2.6%) and payment details (5.1%). Globally, personal data accounts for 62.3% of all leaked data and trade secrets account for 31%.

“Billing information leaks happen much more seldom than in the rest of the world,” the report states.

Employees in Southeast Asia were responsible for 48.8% of leaks; followed by external intruders (41.9%) and C-level executives (2.1%). Even IT staff account for 2.3% of all leaks, the report says.

InfoWatch Group chief international business development officer Vladimir Shutemov says, “It is a disturbing sign to see that a relatively high percentage of leaks stem from top managers and system administrators who fall into the category of ‘privileged users’.” 

Although Southeast Asia and other Asian countries are improving security, there’s room for improvement, Shutenov says.

“In line with global trends, Southeast Asia and other Asian countries are striving to improve cybersecurity. Their governments have toughened up personal data laws, while enterprises more and more often use information security tools against external and internal intruders. But more needs to be done as technology advances and the intruders become,” he explains.

The report also found that network applications such as web browsers and the cloud are the main forms in which data is leaked. In ASEAN, they were responsible for 73.8% of leakages, more than 10% higher than the global figure of 61.5%.

ASEAN countries also lost data in many other categories including instant messaging (7.1%), theft/equipment loss (7.1%), printed documents (4.8%), email (4.8%) and mobile devices (2.4%). Globally, email was the second most common category for data loss, accounting for 23.1%.

The government and military sector also saw 43.2% of leakages originating from government and military agencies, far higher than the global average of 13.1%.

Trade (15.9%) and high technology organisations (11.4%) were also common areas for data leakages in Southeast Asia and worldwide.

The research focused on leaks reported from commercial, non-commercial and government organisations between July 2016 and July 2017.

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.