13 October 2017

Beware the insider in data privacy protection: Infowatch

Internal violators are the most serious threat to data privacy in Southeast Asia.  Data leaks in ASEAN countries are mainly caused by the negligence of top-level executives and employees with access to sensitive and confidential data, according to the latest research by cybersecurity and data leak prevention expert InfoWatch Group.

Just over 56% of Southeast Asia incidents of compromised data were caused by executives, employees, IT administrators and other authorised personnel, the company said. The other 44% were the result of external attacks and former employees. The global figure is higher at nearly 60%.

Source: Infowatch. Up to 56% of Southeast Asia incidents of compromised data were caused by executives, employees, IT administrators and other authorised personnel.
Source: Infowatch. Up to 56% of Southeast Asia incidents of compromised data were caused by executives, employees, IT administrators and other authorised personnel.

“It is a disturbing sign to see that a relatively high percentage of leaks stem from top managers and system administrators who fall into the category of ‘privileged users’,” said Vladimir Shutemov, Chief International Business Development Officer of the InfoWatch Group.

Shutemov, who also heads InfoWatch SEA operations based in Kuala Lumpur, added, “Leaks due to blunders, intentional violation of rules or malicious activities of privileged users are the most destructive as they have more access to sensitive data compared to rank-and-file employees.”

Shutemov was citing the latest findings of InfoWatch research unit InfoWatch Analytics Center, on data leaks reported by governments and commercial and non-commercial organisations in Southeast Asia, South Korea, India and Bangladesh. The research was based on information sources in the media and other public domains between July 2016 and July 2017.

Shutemov said users with advanced permissions either unwittingly or deliberately cause the leakage because they were “unhappy” with any attempt by their organisations to control their PCs, laptops and mobile phones.

By industry category, the research also pointed out that up to 43% of leaks in Southeast Asia stemmed from public institutions including government, military and law enforcement agencies, compared to only 13% worldwide.

Source: Infowatch. Southeast Asia stood out for the number of leaks stemming from the public sector.
Source: Infowatch. Southeast Asia stood out for the number of leaks stemming from the public sector. 

In Southeast Asia, South Korea, India and Bangladesh, the report found that personal data comprised almost 77% of the leaks, followed by payment details at 15%, trade secrets or knowhow at 5%, and state secrets contributing 3%.  In comparison, 62% of data leaked globally was personal data, while up to 31% of data stolen were of payment details.

Source: Infowatch. Almost 77% of leaks were around personal data in Southeast Asia.
Source: Infowatch. Almost 77% of leaks were around personal data in Southeast Asia.

“In line with global trends, Southeast Asia and other Asian countries are striving to improve cybersecurity. Their governments have toughened up personal data laws, while enterprises more and more often use information security tools against external and internal intruders. But more needs to be done as technology advances and the intruders become more sophisticated,” said Shutemov.

In terms of channels, browsers and cloud storage turned out to be the most common places where data is leaked, accounting for almost 74% of all cases, while equipment loss, such as stolen laptops, and the popular use of instant messaging apps together caused 14% of leaks. Globally, browsers and cloud storage figured in 61% of data leaks, followed by email (23%), and paper documents (8%).

InfoWatch currently serves more than 1,500 large customers worldwide with its proprietary and patented cybersecurity technologies. Its suite of data leak prevention and cybersecurity solutions can analyse content in Asian languages for the prevention of data leaks, including in Malay, Bahasa Indonesia and Vietnamese.

Established by Natalya Kaspersky in 2003, InfoWatch pioneered the data leak prevention (DLP) market. InfoWatch products are available in the Middle East, India and Southeast Asia.