Information leaks in Russia
Main article: Data leaks
Data leaks from Banks of Russia
Main article: Data leaks from Banks of Russia
Passport data of participants in the online vote on amendments to the Constitution leaked
Access to all surveillance cameras in Moscow is offered for sale on the Darknet
On July 7, 2020, the cybersecurity company Shadow Intelligence reported on its Twitter blog that an account with the nickname Zpoint was offering on the Darknet to sell access to all surveillance cameras in Moscow installed at building entrances, in parking lots, parks, clinics and schools.
According to the advertisement, the buyer can get access to the cameras in real time and also to the video archive for five days. According to the capital's DIT, that is how long information from cameras in Moscow is stored. According to the Telegram channel "Information leak", such access can be obtained for 30 thousand rubles.
Experts of the DeviceLock company also found offers on the Internet to sell access to data from the cameras of the city video surveillance system, which is stored in the Uniform Center of Storage and Data Processing of Moscow (ETsHD).
The Department of Information Technologies (DIT) of Moscow reported that only authorized staff of executive authorities and law enforcement agencies have access to ETsHD data. Providing such access to other persons is illegal, the department added.
|The Moscow Department of Information Technology systematically monitors the Internet for the appearance of such publications. Information on resources offering direct access to city cameras is reported to the competent authorities for checks, the DIT statement said.|
Dmitry Galov, a cybersecurity expert at Kaspersky Lab, told RBC that advertisements offering paid access to surveillance cameras in cities worldwide periodically appear on specialized forums.
|Malefactors are actively interested in such systems and try to get access both to public cameras and to home ones. For this purpose they can exploit vulnerabilities in the equipment, get access because of incorrect configuration of the software used, or simply guess passwords, Galov explained.|
More than 60% of Russian companies hold departing specialists responsible for leaks
The Rostelecom-Solar company provided 30 iyuennik". The research showed: more than 60% of Russian companies hold departing specialists responsible for information leaks; in 13% of cases this involves the transfer to a new employer of confidential information on the terms of transactions and tenders, confidential developments and know-how from the previous workplace.
The economic crisis caused by the coronavirus pandemic provoked mass layoffs in the commercial sector, pay cuts and growth in staff turnover. With the transition of companies to remote work, Rostelecom experts recorded a 25% growth in the number of incidents connected both with accidental leaks of confidential information and with attempts at deliberate data exfiltration. Not least, this happens because of departing employees. Because the problem had become more acute, specialists surveyed representatives of Russian business on which employees pose the greatest risk of information leaks, what confidential data departing employees take with them, and how it is then used.
Having analyzed the survey results, the experts found that more than 60% of companies rate leaks of confidential data caused by departing employees as the most critical. A little more than 22% of respondents are sure that the greatest damage to the company's data assets is caused by participants in a tender procedure or key transaction. And only in 10% of cases does the threat come from employees on a probation period.
As for the types of information leaving companies with departing employees, in 61% of cases it is customer databases, in 19% confidential information on the terms of transactions and tenders, and in 15% development secrets and know-how. However, the last two categories of data, when used by former employees at a new workplace, cause the former employer the greatest financial damage.
|If a departing employee moves to a direct competitor and takes with him valuable work that can give a serious advantage, for example a technology, this is fraught with critical consequences for the company, up to the loss of the business. The company's innovative developments and know-how, analytical calculations and research results, information on unique processes: all this, having reached competitors, will allow them to close the gap or even pull ahead. This risk is most critical in highly competitive and knowledge-intensive fields, notes Galina Ryabova, head of the DLP area at PJSC Rostelecom.|
Indeed, 13% of representatives of Russian business are sure that former employees pass on to their next employer classified information on the terms of transactions and tenders, as well as the valuable intellectual property of the previous company. In almost half of the cases such leaks affect companies in the high-tech sector (IT/Telecom), in 24% of cases industrial production, and in 18% financial-sector organizations.
For the research, Rostelecom experts held an online poll of the audience of the websites and social networks of several Russian IT media outlets, as well as users of the company's own Internet resources. Representatives of enterprises in the SMB, SME and Large Enterprise segments took part. The polled companies covered more than 10 industries in total, including IT/Telecom, Industry, Finance, Power, Retail, Construction, Services and some others.
Data leak of about 5 million students and staff of the online language school Skyeng
On June 27, 2020 it became known that the Telegram channel In4security had detected a data leak covering 5 million students and staff of the online language school Skyeng. The data in the database was genuine, but the company did not confirm the fact of a leak or breach. Read more here.
The Ministry of Justice of the Russian Federation proposed to increase penalties for personal data leaks considerably
The Ministry of Justice of the Russian Federation proposed to considerably increase penalties for leaks of personal data. It is proposed to implement this by amending the Code of Administrative Offences (Administrative Code). In the proposed version of the Administrative Code, the Ministry of Justice suggests increasing penalties for leaks by more than ten times in some cases. If the amendments are adopted, the changes will affect legal entities, officials and individual entrepreneurs (IE), as well as natural persons. This became known on June 3, 2020. Read more here.
Illegal export of customs declaration data uncovered
On May 12, 2020 it became known that a channel for transmitting restricted-access data illegally obtained from the databases of the FCS of Russia had been uncovered by staff of the anti-corruption and information security directorate of the FCS of Russia together with representatives of the anti-corruption service of the Northwestern Customs Office. Read more here.
The customs database of the Russian Federation for 2012-2019 leaked onto the Internet
On March 12, 2020 it became known that a complete database containing information on all export-import transactions of Russian companies for 2012-2019 (data from all customs posts of the Russian Federation) was offered for sale online. Read more here.
The customer database of "Red and white" became available for anyone to download
Almost 1.5-fold growth in leaks
On July 7, 2020 the expert analytical center of InfoWatch Group issued its annual report on data leaks in Russia for 2019. In 2019, 395 cases of information leaks from Russian companies and state bodies were recorded, and as a result more than 172 million records of personal data and payment information were compromised. Comparison showed that there were 46% more leaks than in 2018, and the number of compromised user records grew more than 6 times.
In Russia the network and paper documents were the most widespread leak channels, accounting for 53.4% and 17.5% of cases respectively. More than 10% of data leaked through instant messaging services (voice, text, video). The research notes that in 72.1% of cases non-management employees of companies were responsible for the leak, in 4.6% of cases top management of organizations, and in 18.4% hackers and unknown persons.
|Investigating information leaks every year, we note that leaks resulting from thefts for sale to an indefinite group of people have the greatest chance of becoming public. Besides, actions of activists pursuing public and political goals, and leaks from the largest and best-known companies, usually become known. Practically all Russian leaks of over 1 million records are connected with large databases ending up in open access, presumably because of technicians' errors in setting up remote access to data stores, says Andrey Arsentyev, head of analytics and special projects.|
For the seventh year in a row Russia takes second place in the world (after the USA) by number of leaks. In the country, personal data and payment information leak most often: these data types account for 87.3% of the leaks that happened in 2019. At the same time it is important to note that more than half of the data compromised in Russia in 2019 comes from one incident, which resulted in the compromise of over 90 million records containing data on legal entities and individuals because of an error in the server settings of the fiscal data operator Drimkas.
Nearly half of the leaks identified happened in state and municipal bodies and in the high-tech industry (companies in communications, information technology, electronics, etc.). Almost every fifth leak of confidential information in Russia is associated with fraudulent activity (first of all, managers of organizations taking out loans using other people's data).
In Russia, despite a number of specifics, such as minimal sanctions for data leaks and limited use of the "digital" identity for receiving services, trends similar to the global ones are observed in information security. However, taking into account the amendments adopted in the spring of 2020 to the regulatory legal acts on remote provision of services, and the sharp growth in the number of employees working remotely, growth of leaks via electronic channels should be expected as the share of paper document flow declines.
The average penalty for a data leak from a company in Russia is estimated at 30 thousand rubles
In 2019, six fines and compensation rulings imposed on companies in Russia for personal data leaks were recorded. This is 2.8% of the total number of penalties for various violations issued by Roskomnadzor in the field of data protection, according to InfoWatch data.
According to the experts, the research considered incidents that became publicly known. In them the total penalty amounted to 180.5 thousand rubles, or 16.4% of the total amount of penalties for violations of the law on personal data protection.
The average financial penalty imposed on a business for a personal data leak in the Russian Federation in 2019 was a little more than 30 thousand rubles, or $465 at the weighted average dollar rate for the year. For comparison, the average penalty in Britain was $50.6 million, which is 107 times more than in Russia.
|Unlike the USA and the European Union, Russian legislation in the field of personal data protection is so far rather soft, but the situation is beginning to change, says Andrey Arsentyev, head of analytics and special projects at InfoWatch. For example, liability for failure to meet the requirements on storing personal data in the territory of Russia has already been toughened.|
According to the expert, Western approaches should not be copied wholesale, because as of March 2020 the field of corporate information security in Russia remains rather young and experiences a serious shortage of staff, data protection methods and experience in using modern technical solutions. But the experience of foreign information regulators needs to be studied, critically rethought and correctly adapted to domestic conditions, Arsentyev believes.
InfoWatch adds that Russian legislative practice is changing towards tougher personal data protection requirements largely because regulators have begun to treat the protection of such information more strictly.
An employee of a large mobile operator sold subscribers' personal data
On December 30, 2019 it became known that Russian citizen Denis Kunavin had sold personal data of subscribers of a large Russian mobile operator. He had up-to-date information because he was an employee of the company.
According to the prosecutor's office of Sverdlovsk region, Kunavin's fraud with personal data was uncovered. At the end of December 2019 the Chkalovsky district court of Yekaterinburg convicted him and sentenced him to restriction of freedom for three years; at the time of publication the sentence had not yet taken legal effect.
According to the investigation, Denis Kunavin worked at the telecom operator from 2017 to 2019 in the position of specialist. He had access to personal information about subscribers, which he used for personal enrichment.
As it became known, in 2018 and 2019 Kunavin repeatedly copied personal data directly at his workplace and then sold it to his customers. He priced detailed information on one subscriber at 300 rubles. The total number of people affected by Kunavin's actions has not yet been determined, nor have his "clients" been identified.
According to the prosecutor's office, Denis Kunavin had been informed that information about subscribers of cellular companies is protected by the Constitution of Russia. Under Part 2 of Article 23, the Constitution guarantees the secrecy of telephone conversations, and violation of this right without the subscriber's consent is prosecuted under the law.
As a result, the court found Kunavin guilty under Part 2 of Article 138 of the Criminal Code of the Russian Federation (violation of the secrecy of telephone conversations and other messages of citizens, committed by a person using his official position). The law provides as punishment a fine of 100 thousand to 300 thousand rubles or in the amount of the salary or other income of the convict for a period of one to two years. It may also impose deprivation of the right to hold certain positions or engage in certain activities for a period of two to five years, arrest for up to four months, or imprisonment for up to four years.
In addition, Kunavin was charged under Part 3 of Article 272 of the Criminal Code of the Russian Federation (illegal access to legally protected computer information, if this act entailed copying of the computer information, committed out of mercenary interest by a person using his official position). Here he faced at minimum a fine of up to 500 thousand rubles and at maximum imprisonment for up to five years.
However, Kunavin managed to avoid serious punishment for his crimes. By the court's decision he was sentenced only to three years of restriction of freedom.
Restriction of freedom should not be confused with deprivation of freedom. Restriction means that the convict may not leave his home at certain times of day, visit certain places, leave the city, change his place of residence or work, take part in mass events, etc.
Personal data of clients leaked on the Gosuslugi portal
On December 30, 2019 it became known that information on tens of thousands of users of the "State services" portal was freely available on the Internet. As a result of the leak, the personal data became available to everyone. Read more here.
Data leaks from companies and state agencies in Russia grew by 40%
In 2019 the number of registered leaks of restricted information from businesses and state organizations worldwide grew by approximately 10% compared with 2018. In Russia there were 40% more such incidents, and the number of compromised personal data records increased almost 6 times, to 170 million. These data were published at the end of December 2019 by the expert analytical center InfoWatch.
It is reported that in Russia the share of hacker crimes in 2019 was less than 20%, and non-management employees were the dominant type of violator: their actions caused more than 70% of information leaks.
According to Andrey Arsentyev, head of the analytics and special projects department at InfoWatch, behind each such case "there are interests of specific people". About 40% of leaks in Russia in 2019 were intentional, whereas worldwide the share is higher, about 66%.
About 75% of all leaks in 2019 involved the compromise of personal data. This is 5% higher than the previous year.
The shares of leaks of payment information and of state secrets decreased. At the same time the share of compromised information relating to commercial secrets and know-how grew.
Specialists also noted significant growth in e-mail data leaks. According to them, this is connected with the popularity among malefactors of attacks on companies using e-mail phishing: sending a message with a link to a counterfeit website in order to obtain a login and password or other valuable information.
According to Izvestia, in 2019 about 1 million personal and payment data records were compromised in the Russian banking sector, which is less than 1% of the total volume of leaks. Such a low figure was explained by the ability of Russian banks to provide a high degree of information security.
Low wages of employees are the main reason for data leaks in the Russian Federation
On November 12, 2019 it became known that the main reasons for leaks of Russian users' data are the large number of organizations to which users provide information about themselves and the low wages of the staff of such organizations. Specialists of the EY company reached these conclusions on the basis of their research.
According to the research, a Russian user provides the state or various companies with an average of 15 identifiers (data sets) to confirm his identity. For residents of Moscow the number of identifiers is even higher and reaches 24.
According to the EY research, 88% of leaks of Russian users' data happen because of staff of the companies requesting the data. For comparison, worldwide this figure is 56%.
As Yury Gedgafov, head of the EY center for technologies, media and telecom, reported, the average salary of employees with access to user data is 27 thousand rubles, which is as much as can be earned on the black market for several records of personal data. Nevertheless, in 2018 no more than a hundred claims connected with personal data leaks were filed in Russia.
As a solution, Gedgafov suggested that organizations move to a model in which they turn to a special ID provider to confirm a citizen's identity. This provider will not hand over data, but will confirm that the citizen in question meets certain criteria (for example, that he can be issued credit). The ID provider can transmit the answer through a blockchain for security.
Data of 700 thousand Russian Railways employees appeared in open access
On August 27, 2019 it became known that personal data of 703 thousand Russian Railways staff had appeared in open access on the Internet. The leak was reported by Ashot Oganesyan, a corporate data protection specialist and technical director of DeviceLock, on the tech blog Habr.com. Read more here.
14 million records of companies and buyers leaked
On September 16, 2019 it became known that about 14 million records on companies and individuals from Russia ended up in open access. The accidental leak was allowed by the fiscal data operator Drimkas. Read more here.
75 thousand codes for Moscow building entrances appeared in open access
On October 11, 2019 it became known that unknown malefactors had posted online a database with codes for locks and intercoms of building entrances in Moscow and some cities of the Moscow region. This leak can make it easier for criminals and swindlers to get into buildings.
The database is in open access and contains more than 75 thousand records. In total the leak affected about 40 thousand apartment buildings. A spot check showed that only some of the codes were still valid.
According to specialists, this database may be the internal directory of a delivery company or a large online store. The criminals hardly had a commercial interest; presumably they wanted to exchange one database for another on special resources.
As lawyers note, it will not be possible to bring the malefactors to criminal or administrative responsibility. Under the legislation, the leaked codes are not personal data and do not contain banking or state secrets. This information may be known to an unlimited group of people and is therefore not protected by law. Those responsible for the leak face disciplinary action at worst.
Beeline confirmed the leak of a database of 2 million clients
On October 7, 2019 it became known that the telecom operator VimpelCom (trademark Beeline) confirmed the leak of a client database containing information about millions of users of wired Internet. According to RIA Novosti, the company started an investigation of the incident. Read more here.
External drives and photos of the screen remain the main channels of leaks
According to DeviceLock data from a study of insider leak channels in Russian companies, more than 70% of leaks happened in B2C companies. More than half of them were in companies with a large customer base (retail banks, IFI, telecom operators). Another 20% happened in B2B companies and about another 10% in government institutions, DeviceLock reported on June 21, 2019.
Among leak channels the absolute leader was exports from corporate information systems (more than 80%), which allow data to be saved in text or tabular form (.xls, .csv) to external drives. They are followed by pictures of the screen taken with mobile phones, most often used in "probiv" services that look up particular persons (about 10%). This is a rather new (as of June 2019) leak format that was practically not used in 2018 and did not draw researchers' attention, the DeviceLock researchers noted.
Commenting on the results, Ashot Oganesyan, founder and technical director of DeviceLock, noted that despite the development of tools against data leaks, a clear victory over this problem is still far off.
|Digitalization of business increases the volume of victim-prone data and, at the same time, makes access to it easier. The economic situation promotes the formation of a black market for commercial information, both in the form of stolen databases and of "probiv" services. Many banks and telecom operators, which hold the maximum quantity of the "new oil", are extremely vulnerable and powerless against data leaks, since in many cases the systems they use only allow them to observe and investigate incidents that have already happened, but not to block illegal access to information and prevent leaks of sensitive data, he explained.|
The research, which covered the period from January to May 2019, analyzed more than 800 documents posted on various Darknet resources or provided by sellers of "probiv" services as samples of the data they offer.
About one thousand open databases found in Runet
On April 11, 2019 it became known that DeviceLock, a Russian producer of data leak prevention systems, had studied the security level of cloud databases located in the Russian segment of the Internet.
In the course of the research the company's analysts found and inspected more than 1900 servers using the MongoDB, Elasticsearch and Yandex ClickHouse platforms. More than half of them (52%) allowed unauthorized access, and 10% also contained personal data of Russians or commercial information of companies. Another 4% had already been hacked earlier and contained ransom demands.
The identified databases found included, in particular: the client database of the financial broker Finservice (finservice.pro), 157 GB in size, containing names, addresses, contact and passport data, credit histories and information on issued loans; the database of the automated calling service Call (zvonok.com), 21 GB in size, containing phone numbers and call records; data of Moscow emergency medical stations, more than 17 GB in size, containing all information on ambulance crew call-outs, including names, addresses and phone numbers of patients; the database of the Russian telemedicine service Doc+, more than 3 GB in size, containing data of employees and some users (including diagnoses); databases of the information system "Network City. Education", containing personal data of pupils and teachers of schools in Yekaterinburg, Ingushetia, Sverdlovsk region and Yakutia; and a large number of customer databases of various e-commerce projects.
According to Ashot Oganesyan, founder and technical director of DeviceLock, the key reason for such a scandalous situation with unauthorized access to cloud databases is configuration errors caused by the extremely low qualification of their users and the absence of information security audit procedures in companies.
Another big problem, according to him, is identifying the owner of an "open" database, which is not always possible from its contents.
|We detect an open database containing personal data and we do not understand whom to tell that access to it needs to be closed. Hosting providers do not disclose owners' data and in principle often consider that users' configuration errors are not their problem.|
Besides, owners of such databases react extremely slowly to notifications.
|Unfortunately, when we contact owners and tell them they need to close access to the data, the vast majority of them react too slowly or do not react at all. And I know of more than a few cases where open databases we detected were downloaded by hackers after our notification.|
The company is going to approach Roskomnadzor, which is responsible for monitoring compliance with 152-FZ ("About personal data"), with a proposal to develop a procedure for blocking open databases containing personal data.
|It is not necessary to block access at once, but a procedure can be created under which Roskomnadzor receives information about the existence of such a database and sends an instruction to the hosting provider. The hosting provider notifies the owner of the database, and either the owner eliminates the violation by the set deadline or access to the database is blocked.|
The maximum amount of damage in an information leak case was 14 million rubles
On January 28, 2020 it became known that the expert analytical center of InfoWatch Group published its first report on judicial practice in cases connected with leaks of restricted-access information. The research was conducted to identify the main and most obvious problems of law enforcement in the field of data protection. According to the results, every fourth case ends with a real or suspended sentence, and the maximum amount of damage in an information leak case confirmed by a Russian court decision in 2018 is 14 million rubles. Read more here.
State structures accounted for 23.3% of the total number of leaks registered in Russia
On January 20, 2020 InfoWatch presented the results of its annual research on leaks of confidential data in the public sector (central authorities, law enforcement agencies, state-owned companies). In 2018 state structures accounted for 13.9% of the total number of registered leaks worldwide and 23.3% in Russia. The main explanation for the high share of the public sector in Russian leaks is its dominant position in the economy. Read more here.
Share of leaks caused by privileged users: 9.6%
On August 27, 2019 the InfoWatch analytical center announced research on information security incidents that led to information leaks caused by privileged users in state organizations and businesses. In 2018, worldwide, the share of leaks of restricted-access information caused by privileged users of information systems and various corporate archives was 5.1%. In Russia this figure was almost twice as high, at 9.6%.
Analysts attribute this gap to several factors. First of all, it is about the distribution of public incidents: in Russia the share of leaks caused by internal violators has traditionally been much higher than in the world.
|This is connected with the fact that large companies have learned to cope with external threats, but countering internal violations at different levels often proves a more difficult task. Success depends not only on the effectiveness of technical tools, but also on the maturity of processes and on systematic efforts to raise the level of users' "digital hygiene" and foster a culture of handling data,|
said Andrey Arsentyev, head of the analytics and special projects department at InfoWatch.
Secondly, world indicators of published leaks are largely shaped by the USA, Western Europe and other developed countries with long-term experience of implementing IT and cybersecurity tools. And the third factor is the more developed information culture of Western users, shaped by strict legislation in the field of data protection.
In Russia more than ¾ of all leaks are connected with violation of the confidentiality of personal data. Worldwide it is also the dominant type of compromised information. As for distribution by industry, worldwide the greatest percentage of leaks falls on state organizations.
Flash drives and other removable drives, as well as instant messaging services, were the main tools in deliberate violations, both globally and in Russia. The network channel and e-mail are used less actively.
The authors of the research concluded that deliberate or accidental actions of owners of privileged accounts pose a serious threat to corporate data assets. Businesses should constantly adhere to a strategy of continuous control of privileged access. The lack of these measures increases the risk not only of internal threats but also of information attacks.
24% of leaks of confidential information from state organizations and commercial companies are linked to fraudulent activity
On June 25, 2019 InfoWatch reported that in Russia about 24% of leaks of confidential information from state organizations and commercial companies are linked to fraudulent activity. The level of fraud based on data stolen from Russian companies is almost three times higher than worldwide. About 80% of such incidents in Russia are connected with the actions of heads and employees. In half of the incidents the fraud relies on data from paper sources. Fraud cases are most often recorded in the banking sector and in communications companies.
Within the total set of incidents traditionally studied by InfoWatch analysts, leaks "burdened" by fraudulent activity form an extensive layer alongside "classical" leaks. These are, first of all, bank fraud, direct sale of data to interested persons on request, and obtaining various services using another person's user data.
According to the InfoWatch analytical center, in 2018 leaks of confidential information linked to data fraud accounted for 8.5% of all registered leaks. In the Russian distribution the share of fraudulent incidents was almost three times higher: 23.7%.
Such a high share of fraudulent activity in the Russian "pie" of incidents can be explained by a combination of several factors. First, Russia is becoming ever more deeply integrated into global digital processes, and the value of each record of user information is now quite tangible. Second, the deployment of information security tools in general still lags behind the pace of digitalization. Third, clear moral imperatives regarding other people's data have not yet formed in society. Managers at mobile operators, bank clerks, police officers and other categories of employees who regularly handle personal data quite often regard this information as their own domain and claim the moral right to handle citizens' data at their own discretion.
|When controls over information systems are loosened, a wide field for fraud opens up before malefactors among employees. And where a respectful, careful attitude to other people's personal data has not been developed, a consumerist attitude to data assets flourishes in companies. It must not be forgotten that personal data are the key to many modern services. Therefore fraudulent use of confidential information threatens the public wellbeing of citizens and provokes a crisis of confidence in many companies and state organizations,|
said Natalya Kasperskaya, president of InfoWatch Group, commenting on the results of the research.
Globally, a substantial share of fraudulent incidents is caused by the actions of external malefactors. Accordingly, the percentage of such incidents caused by non-management employees is lower worldwide than in Russia.
In our opinion, the small share of hacker-driven fraudulent leaks in Russia is generally connected with the rather low level of development of digital storages from which valuable information can be obtained in structured form. At the same time, the digital assets of a number of large companies and authorities are probably, on the whole, reliably protected from external attacks.
|In protecting against leaks connected with fraudulent activity, corporate information security services should focus mainly on control of employees and top managers, i.e. those whose regular activity involves access to electronic databases and paper archives. The internal malefactor is in this respect more dangerous than the hacker, as he has in-depth knowledge of what information is stored where. Thus, it is easier for employees and the leadership team to focus their attacks, not extracting large layers of data at random but stealing specific information, including on request, for quick gain,|
In 2018, worldwide, the largest share of fraud-linked leaks occurred via the network channel. In Russia, incidents resulting from the compromise of data from paper archives dominate, and the network is in second place by a wide margin.
The low percentage of fraudulent incidents involving e-mail among Russian malefactors is explained by the fact that this channel has historically been quite reliably controlled in domestic organizations. Knowing about the protection systems, dishonest employees do not dare to use e-mail to send stolen information and choose other channels. Worldwide, e-mail within organizations is also rarely used for fraudulent purposes, but it has become one of the favourite channels of external malefactors for phishing attacks.
In the global picture of fraud-linked leaks, state organizations and the financial sector account for equal shares of incidents, 18.2% each. In Russia the financial sphere dominates, accounting for every fourth incident. The public sector and hi-tech companies are in second and third place.
As for the percentage of fraudulent data incidents in different verticals, in the global distribution the largest share of fraud was in the banking sector, followed by state and municipal organizations. In Russia, in many industries the share of fraud based on confidential information is several times higher than in the global distribution, and in the hi-tech segment it is much higher. Malefactors most often use data for fraudulent purposes in those organizations where the data can be "converted" into money most quickly and where it is easier to bypass protection systems (or to exploit their absence).
|It is reasonable for companies to take a comprehensive approach to fighting internal data-based fraud. In addition to deploying antifraud, DLP and behavioural analytics (UBA) systems, systematic work with personnel is required, including trainings, seminars and other educational activities devoted to the protection of personal information. In addition, companies can implement special projects to inform users about threats to their personal information and methods of countering fraud,|
270 cases of leaks of confidential information from commercial and non-profit companies
On May 28, 2019 InfoWatch reported the results of an analytical study according to which 270 cases of leaks of confidential information from commercial and non-profit companies and state organizations were registered in Russia in 2018. That is 6% more than in 2017. The share of leaks resulting from the actions of external malefactors fell by more than half, to 9.5%. About 39% of incidents fell on state and municipal organizations.
In the global distribution, "Russian" leaks accounted for 12%. The volume of compromised personal data attributable to Russian companies and state organizations did not exceed 1% of the total volume of data compromised worldwide.
While in 2017 hacker attacks in Russia caused 21.3% of registered leaks, by the end of 2018 this share fell to 9.5%. The rather small share of leaks caused by external malefactors should not mislead. The statistics show that the internal violator remains the main problem for Russian information security. But the growing volume of data processed by companies and the rising value of such data will inevitably lead to growth in the number of external attacks. This concerns not so much "advanced" hackers working to order as mass break-ins aimed at extracting at least something valuable from organizations: databases, aggregated information on employees.
According to 2018 data, nearly 78% of incidents that led to the compromise of restricted-access information were caused by deliberate or careless actions of personnel. Russia is also characterized by a higher share of leaks caused by company management: 8.8% compared with 3.2% worldwide.
Apart from the obvious interest in how the picture of leaks forms in our country, the preparation of a separate study of data leaks for Russia stems from the authors' wish to once again draw public attention to the problem of leaks of personal data, the main type of information for our country by number of recorded incidents.
Natalya Kasperskaya comments:
|In many countries we observe a shift toward technically simpler administrative regulation of data security through higher penalties and tougher requirements. Indeed, if the personal data of citizens are an asset of the state, then the state should also ensure their protection through strict regulation of the processing (in a broad sense) of personal data both within the system of its own bodies and in the commercial sector. Against the background of this worldwide trend toward tougher administrative liability for the compromise of personal data, regulatory policy in Russia still looks quite soft. Victims of personal data leaks can expect compensation for the harm done on the basis of judicial proceedings. But the amount of compensation seldom exceeds 10 thousand rubles, and such cases number only a few.|
Natalya Kasperskaya, president of InfoWatch Group
The distribution of leaks by data type shows a small number of cases of payment data compromise (compared with the global picture), while the shares of leaks of state and trade secrets are comparable to global ones. The reason for this deviation lies in the uneven penetration of protection systems across industries that is inherent in the Russian cybersecurity sphere. Organizations whose activity involves processing payment information are traditionally regarded as leaders in the use of information security solutions. These are first of all banks. The same cannot yet be said of companies where processing payment data is not among key operations (i.e. of most organizations that actively do business and store data of clients and partners).
Regrettably, staff of companies who have legitimate access to the personal data of users and clients often lack elementary knowledge of the rules for safe handling of restricted-access information, or intentionally ignore prohibitions and security policies.
Sergey Hayruk explained:
|The growth in the number of incidents connected with intentional compromise of personal data is explained by the fact that Russia is gradually becoming part of the global paradigm of general "digitalization", one of the necessary features of which is the existence of an environment for providing services in electronic form. "Digitalization" makes it possible to "tear off" the real person from the electronic profile. It is obvious that such an opportunity generates demand for other people's personal data "tied" to various electronic services, whether accounts in car-sharing applications, personal accounts in cadastral registration systems, or even registered SIM cards. In the simplest case the mechanism for using someone else's data is built so that the service is received by the malefactor who stole the data, while it is paid for by the "owner" of the data, the person "in whose name" the violator acts.|
Sergey Hayruk, analyst of InfoWatch Group
Personal data are thus becoming increasingly valuable to various fraudsters. Persons with access to such data are tempted to copy them from a system and sell them to the first person who offers a material benefit, cash, for an intangible asset.
The research once again confirmed the thesis that a higher share of so-called "qualified" data leaks is characteristic of Russia. These are cases in which the malefactor deliberately uses stolen information for personal gain (data fraud, bank fraud) or obtains access to information clearly not needed for performing his job function (exceeding access rights).
InfoWatch Group analysts attribute the large number of "qualified" leaks in Russia to the rather low level of information security culture. Staff of organizations who deal with sensitive information daily periodically "forget" that the result of their work is a work product and, as a general rule, belongs to the employer. Hence the numerous cases of sale of databases containing information about clients and partners of the employer organization, attempts to "find their interest in someone else's pocket", receiving not only the salary but also a "bonus" from the employer.
The dominant channels for leaks of confidential information from organizations in Russia are paper media and the network. They accounted for about 45% and about 43% of incidents, respectively.
Leak scenarios involving "paper documentation" remain the most typical for our country. Organizations post lists of debtors with full personal data on the entrances of residential buildings. There is no need even to mention banks, insurance companies and authorities dumping copies of clients' passports next to their offices: these stories have become all too common.
The number of deliberate leaks via such channels as "removable media" and "loss and theft of equipment" in 2018 was very small. Malefactors, knowing that their actions are monitored, simply do not use these channels.
Leaks from the public sector and local authorities are in general more prominent in Russia than worldwide: state and municipal bodies together accounted for 39% of all cases of information compromise recorded in 2018.
Next in importance are leaks from trade and entertainment organizations (14%) and the financial segment (12%). The small share of "medical" leaks, 8.5% against 19% in the global distribution, is explained by the rather low level of "digitalization" of Russian medicine and the particular way Russian health insurance has developed. Paradoxically, the backwardness of Russian medicine in terms of digitalization acts as a guarantee of the relative security of personal data in medical institutions.
The largest percentage of deliberate leaks in Russia is found in such industries as banks and finance (70%), high technology (65.2%), and industry and transport (60%). Thus, the data assets of these three verticals look the most attractive to malefactors.
Sergey Hayruk summarizes:
|Taking into account the identified features of the Russian picture of leaks and the known factors that shape this picture, the most acceptable approach should be recognized as the creation and use of protection systems that make it possible to control specific types of restricted-access information (databases, financial documents, information constituting a trade secret) and to carry out "deep" monitoring of "problem" communication channels (outgoing Internet traffic, paper documents, data transfer to removable devices). In addition, attention should be focused on comprehensive use of employee behaviour analysis closely tied to their role in the company and to the scope of their access rights to information. Ideally such protection is complemented by a solution for countering external attacks.|
Sergey Hayruk, analyst of InfoWatch Group
30% of Russian companies increased their security budget
On February 19, 2019 SearchInform published the results of its study of business information security for 2018. It concerns threats that come not from external malefactors but from within the company, from employees. 1024 representatives of Russian business took part in the study. About 718 more people joined the survey in other countries where SearchInform operates (the Middle East, Latin America, the Republic of South Africa, the CIS).
66% of companies faced leaks caused by insiders in 2018. Most often commercial information leaked: about clients and transactions, partners, and accounting (51% in total); technical information leaked less often (24% of cases).
Personal data are also easily leaked (20% of cases), but companies still extremely rarely disclose the event in the media. Only 3.5% of organizations do so. Nevertheless this figure is higher than the previous year, when only 2% of organizations announced leaks in the media.
But companies began to notify victims of an incident much more actively. Over the year the indicator grew by almost 16%, to 28%.
|"The share of companies in the Russian Federation acknowledging responsibility for an incident is steadily growing and will shortly equal the world indicator. It is quite an interesting trend: sanctions in Russia and in the world differ radically. For example, in Russia the penalty for disclosure of personal data is measured in tens of thousands (rubles), and in the European Union in millions (euros). Thus, the main reason is the personal responsibility and conscientiousness of domestic companies, and not the threat of a penalty at all".|
The number of documents in the form of images (scans, photos, screenshots, PDF) has increased considerably lately. Three years ago such documents made up no more than a third in organizations. According to the SearchInform study, in 2018 in 54% of companies half of the information or more is stored in graphic formats. A third of such documents leak by e-mail; employees take out another 30% of documents on mobile devices.
|"To register in services, draw up accounts or agreements, make payments and receive discounts, clients ever more often submit data and documents in the form of photos and scans to large banks, shops and operators. For these organizations, protecting personal data and other confidential user information from leaks becomes crucial to avoid financial and reputational risks".|
Analysts asked not only about leaks but also about other incidents. In 2018, 15% of companies noted growth in the number of internal incidents, which is 9% more than the previous year. This matches the dynamics observed in other countries where the survey was conducted.
According to the survey data, 74% of incidents are caused by non-management employees. Most often the violators are managers of supply departments (a profession prone to corruption) and accountants and financiers (access to critical data and money). These two professional groups account for nearly half of all incidents.
Violation rates are high among assistant administrators and IT specialists (16% and 15% respectively). The reason is the same for both: access to critical information and the privileges of their position.
Software budget
In this situation it is notable that 30% of companies reported growth of their security budget. At the same time another 12%, on the contrary, reduced costs. Russian companies are still mainly limited to installing anti-virus software and using Windows administrative tools and NGFW. Use of more complex products, DLP and SIEM systems, is predictably low.
According to SearchInform, such dynamics are explained by the requirements of regulators. Landmark cybersecurity laws have begun to operate both in Russia and worldwide. In Russia it is FZ-187; abroad, the GDPR directives, which have extraterritorial effect.
What is controlled
As in 2017, the main communication channels monitored by employers are e-mail (29%) and external media (20%). Telephony (15%) and internet messengers (11%) cause managers less concern. These figures continue last year's dynamics.
What worries employers most in employees is a disloyal attitude to the company, sabotage, and spreading negative information (21, 21 and 23% respectively). Another 16% of employers are concerned about employees' dangerous addictions.
As SearchInform noted, companies' interests go beyond monitoring loyalty. It is important for cybersecurity specialists to understand employees' personal problems that can be dangerous to the business and the team.
Damage and punishment
Most often incidents resulted in reputational and minor financial damage (28% of answers). Approximately the same number of violations led to major financial damage and to compliance risks, i.e. the threat or fact of punishment by the regulator.
Only 4% of Russian companies disregard incidents and apply no sanctions against violators. 34% of employers dismiss violators, and half issue a reprimand or a fine (23 and 27%). Only 8% of companies take the matter to court.
|"Companies prefer not to go public with conflicts. Only a few decide to do so, and only in the most scandalous situations. In that case, data obtained from software packages, in particular DLP systems, often serve as evidence. Unfortunately, this fact often does not appear in the case files. Still, in some cases proving the employee's guilt turns out to be extremely difficult, both because of the absence of systems for recording violations and because the company lacks regulations on the matter".|
Every sixth data leak is registered at enterprises of the Ural Federal District
On February 13, 2019 InfoWatch Urals reported that it had summed up the results of a study by the InfoWatch Analytical Center on the security of corporate information in commercial companies and state organizations of the Ural Federal District. In 2018 organizations of the district allowed 30% more data leaks than in 2017; this growth rate is five times the all-Russian figure. In the regional distribution of incidents the share of the Ural Federal District grew from 13% in 2017 to 16% in 2018, i.e. every sixth data leak in Russia in 2018 happened in organizations of the Ural Federal District.
According to the company, nearly half of the respondents surveyed by InfoWatch, cybersecurity specialists and heads of enterprises of the macroregion, admit the possibility that leaks of confidential information occurred in their companies over the last three years. At the same time, 39% of survey participants acknowledged that the information security systems at their enterprises do not fully protect against modern cyberthreats, including data leaks.
In organizations of the Ural Federal District, as in Russia as a whole, personal data account for more than 80% of the overall picture of leaks. At the same time, in the Ural Federal District information belonging to the most liquid data, trade secrets and production secrets, leaks one and a half times more often than in other regions. Payment information leaks in the region half as often as on average in the country.
According to the authors of the study, the large share of leaks of data containing commercial secrets and know-how is connected with the rather high concentration of large industrial enterprises in the Urals. While having high production potential, local enterprises are probably not fully ready to prevent leaks of commercial data, above all leaks caused by internal malefactors, InfoWatch experts noted.
In every fourth leak, the information lost by organizations of the Ural Federal District was used for fraudulent purposes or was obtained through illegitimate access to enterprise information systems.
|Restricted-access information, which includes trade secrets and know-how, payment data and personal data of clients, is as a rule insufficiently protected at many enterprises of the region. As a result, malefactors who possess access rights to internal information systems are able to derive personal benefit from the data with which the employer operates. For example, in Magnitogorsk the head of a pension fund directorate transferred personal data of citizens to an employee of a commercial bank. This information was then illegally used in the activity of the credit institution. So-called "internal" leaks result from errors of a legitimate user or failures of automated information processing systems. In such cases a large volume of data, as a rule, leaks. As the staff of an organization have access to the most sensitive business information, their malicious actions can cause more serious damage to the organization than hacker attacks.|
Andrey Arsentyev, analyst of InfoWatch Group
As in Russia as a whole, in 90% of data leak cases in the Ural Federal District the incident was caused by the actions of an internal malefactor in the organization, or insider.
Most respondents believe that the use of DLP (Data Leakage Prevention) systems with a predictive analytics module (User and Entity Behavior Analytics, UEBA) can reduce the threat of intentional data leaks by personnel. Such solutions use the capabilities of artificial intelligence and deep analysis of Big Data, and make it possible to identify employees who, for example, intend to leave the company, and thus to prevent probable abuses of access to confidential information on their part.
In almost 70% of cases non-privileged employees were responsible for data leaks from organizations of the Ural Federal District. At the same time, in 2018 leaks caused by privileged users (top managers, middle managers and system administrators) occurred in the Ural Federal District considerably more often than the previous year: they accounted for 7% of violations in 2017 and more than 16% of incidents in 2018.
In most cases data leaks, both in Russia and in the Ural Federal District in particular, occur through two channels: the network and the loss of paper documents. At the same time, the share of incidents connected with the loss of corporate data on paper media exceeds the share in the all-Russian distribution by 20%, while the share of leaks via the Internet and cloud storage is, on the contrary, 20% lower than on average in the country.
Representatives of Ural business and local state organizations consider regular educational activities for employees, aimed at raising cyberliteracy in the field of data protection, to be the most effective means of improving the culture of handling personal data. At the same time, only 35% of respondents answered that such events are held regularly in their companies, for example at least once a year.
In 2018 the largest number of data leaks in the Ural Federal District was recorded in medical institutions (21%), banking and financial institutions (16%), and bodies of state and municipal authority (12%). Data leaked least often from educational institutions (9%), trade organizations (9%) and industrial enterprises (7%).
|As of February 2019, modern technologies are penetrating different spheres of our life, from the service industry to medicine, so special attention should be paid to the information security of these processes. For effective protection of corporate data and information systems, organizations need to build hybrid protection that includes, first, countering internal threats arising from the actions of employees by deploying data leak protection systems and, secondly, repelling external attacks. The latter can become the reason for exploitation of vulnerabilities caused by low-quality program code in a product deployed at the enterprise. Therefore, if a business needs to create any IT product, information security specialists should be involved already at the development stage, and secure development should be established.|
Nikolay Babichev, CEO of InfoWatch Urals
2017: Data of 17 thousand people leaked from the Pension Fund
In the summer of 2017 the Pension Fund of the Russian Federation set up a special commission to investigate a leak of the personal data of more than 17 thousand people. This was reported by Mikhail Zheleznyakov, assistant head of the media relations department of the Pension Fund of the Russian Federation office for Moscow and the Moscow region.
The data leak was reported by web developer Sergey Deryabin on Geektimes, a blog for IT specialists. On June 9, 2017 he received a bulk mailing from an office of the Pension Fund (RPF). The attached document in MS Excel format contained data on 17752 people, including their dates of birth, registration addresses and Insurance Number of Individual Ledger Account.
"The letter was received on 09.06. The file with the table was created much earlier, and I suspect that it initially contained the insured from all offices of the Pension Fund. Apparently, on June 09 the excess lines with insurers of other offices of the Pension Fund were deleted from the file. Therefore I quite naturally suspect that data on the insured, at least across Moscow and the Moscow region, were sent to entrepreneurs in this way," Deryabin wrote.
The RPF states that it complies with all personal data protection requirements using modern cryptographic protection tools, but so far it cannot definitively confirm or deny that personal data were sent in letters to clients. Marina Gustova, head of the media relations department of the Pension Fund office, announced that the incident is being investigated.
Number of data leaks in Russia grew by 89% to 213 cases
In June 2017 it became known that the volume of leaks of confidential information in Russia in 2016 increased 100-fold. The data were provided by InfoWatch, a company specializing in corporate information security.
For 2016 experts counted about 213 cases of information leaks in Russia, as a result of which 128 million records of confidential data were compromised, including records relating to bank cards and accounts. The number of leaks increased by 89% compared with 2015, and the amount of data lost in these incidents increased more than 100-fold.
Most leaks of confidential information occurred in state bodies (21.6%), IT companies (14.65%), educational institutions (13.6%) and banks (11.75%). Every tenth data leak in the Russian Federation fell on small business, which specialists attributed to insufficient funding, negligent treatment of restricted-access information and insufficient control of personnel.
The main leak channels in 2016 were browsers and paper documentation, with 64% and 26% of cases respectively. The share of leaks of payment information in Russia (2.8%) is lower than in the world in general (7.3%). At the same time, data on trade secrets and know-how account for 12.2% in Russia and 5.4% worldwide.
A high share (25.5%) of "qualified" leaks, when the stolen data are later traded on, is also recorded in Russia (worldwide this indicator is 17.3%).
According to InfoWatch data for 2016, about two thirds of leaks in Russia are caused by company staff with access to confidential data. Staff of organizations accounted for 84% of leaks in 2015 and 65% in 2016. Worldwide the corresponding figures are 52% and 34% respectively.
SearchInform: Half of the companies in the Russian Federation faced data leaks
SearchInform conducted a study and found that from 2014 to 2016 the number of attempted information leaks by staff of Russian companies grew by 17.3%. To do this, experts of the analytical center analyzed data from 500 SearchInform clients for that period.
Researchers determined that 31.4% were deliberate theft of information (including saving information to a personal medium "just in case" or in view of a job change), and 17.9% were accidental data leaks or the result of the activity of social engineers. 50.7% were incidents whose motives could not be unambiguously established.
On February 1, 2017 SearchInform announced the results of its analysis of the state of confidential information protection among organizations of the Russian Federation in 2016.
Representatives of companies from various industries were surveyed in the study.
The situation in organizations of different sizes was analyzed:
- up to 100 employees - 27%
- 100-500 employees - 36%
- 500-1000 employees - 12%
- 1000-1500 employees - 7%
- more than 1500 employees - 17%
Leaks and attempted theft of information
In 2016, 49% of Russian companies faced leaks of confidential data. Most often information leaks because of negligence and carelessness of employees.
The organizations of Izhevsk (85%) and Nizhny Novgorod (64%) suffered from leaks more than others. Moscow was third by number of leaks, at 58%. The fewest incidents occurred in the companies of Simferopol (23%).
17% of Russian organizations managed to stop an attempted data theft.
Confidential information is of interest to many categories of employees, but in 2016 the top three were:
- non-management employees,
These specialists were responsible for leaks more often than others.
The data that leaked most often from Russian companies:
- 25% - data on clients and transactions
- 18% - trade secrets
- 18% - technical information
- 15% - personal data
- 12% - information on partners
- 9% - internal accounting.
In different regions the greatest insider activity is shown by different employee categories:
- in Izhevsk – ordinary specialists (64%),
- in Vladivostok – heads (23%),
- in Irkutsk – accountants, economists and financiers (33%),
- in Orenburg – system administrators (20%).
47% of Russian companies faced attempted data theft by former employees. Some, on leaving the organization, steal information out of resentment and a desire for revenge; others do so to win favor with a new employer.
Insiders are punished in different ways; in 2016 the most common punishment was dismissal. This indicator is practically unchanged from the previous year.
In 2016 Russian companies began to disclose incidents more often: 13% of them notified clients of leaks and apologized. A year earlier 11% of organizations did so. Most companies preferred to stay silent about information leaks.
- 40% of companies rate the importance of confidential data protection at 10 of 10 points
- 16% – 5 of 10 points
- 14% – 8 of 10 points
- 12% – 7 of 10 points
Data leak of car owners from traffic police
On May 20, 2016 it became known that a free service, autonum.info, had started operating on the Internet; it allows finding the name and phone number of a car's owner by the license plate number. The project's authors say that users submit the data themselves, but experts are sure that it is a data leak from the traffic police database or from some companies.
According to Vedomosti, data from autonum.info can be obtained on the website and by sending a request to a bot in the Telegram messenger. As of 3 p.m. on Friday, May 20, the website was unavailable and only the Telegram bot was working.
A spot check by Vedomosti showed that in 70-80% of cases a lookup by license plate on autonum.info returns the real name of the car owner and current mobile and landline phone numbers, and that car makes are also identified correctly.
The service's developers claim that the database is built by users and is intended, for example, for finding the owner of a car that is blocking the way. However, car owners polled by the newspaper say they did not submit their data anywhere.
Judging by the large number of posts on social networks and specialized forums from people who found themselves on autonum.info, there can be no question of the database being filled in by users themselves, says Rustem Hayretdinov, Deputy CEO of InfoWatch. Most likely, he assumes, the service uses the database of the traffic police or of some other organization.
The website uses a compilation of traffic police and insurance company databases as well as information from open sources, private detective Sergey Drykin believes.
Roskomnadzor already knows about autonum.info. The supervisory agency has begun examining whether the service complies with personal data law.
The website autonum.info was registered in April 2016, and its servers are located in Holland. The owners of the service are unknown. On May 18, 2016 alone, 8199 license plates were added to autonum.info, the newspaper notes.
2015: 59 cases of data leaks in the first half of the year
According to the results of the first half of 2015, Russia took second place in the world by number of leaks of confidential information on the Internet, Kommersant wrote, citing InfoWatch research.
In the first six months of 2015, the research says, 59 cases of leaks of confidential information from Russian companies and state organizations were registered.
The companies affected by leaks over the half-year include MTS, VTB 24, Russian Railways, SOGAZ, as well as Apple, Google, Lenovo, Microsoft and others. 90% of leaks involve disclosure of personal data. Over the studied period more than 262 million records of personal data, including payment information, were compromised.
In 65% of cases the data leak was the fault of an employee of the affected organization, as a rule a lower- or middle-level manager, the authors of the research specify. Hacker attacks accounted for 32 percent of the total number of incidents, but these attacks are the most effective, they emphasized.
In total, 723 cases of leaks of confidential information were recorded worldwide in the first half of 2015, which is 10 percent more than in the same period of 2014.
InfoWatch: The number of leaks in Russia grew by 73%
In February 2015 the InfoWatch analytical center presented the results of its global research on leaks of confidential information for 2014. Compared with 2013, the number of information leaks grew by 22% worldwide and by 73% in Russia.
In a quarter of cases the information leak resulted from hacker activity (targeted attacks, phishing, compromise of a web resource and so forth). In the majority of cases (73%) information leaked because of an internal violator, as a rule a non-management employee, former or current. However, while internal attacks compromised 350 million personal data records (0.34 million per leak), external attacks compromised 410 million records (1.16 million per leak). Thus hacker attacks, although less frequent than internal ones, caused companies greater damage, the company noted.
"Banks, where information on individuals' accounts, payment card details and other 'liquid' data is concentrated, often suffered from massive attacks in 2014. Hackers hunted for the same types of data, stealing information from the payment terminals of retail chains. Large Internet services, transport companies and government institutions came under attack," said Sergey Hayruk, an analyst at InfoWatch. "As the Russian picture of information leaks increasingly resembles the American one, in the near future we can expect equally large-scale attacks on domestic Internet services."
In 2014 the share of accidental leaks increased by 10 percentage points to about 50%. The share of deliberate leaks correspondingly decreased to 44% of the total number of incidents. This redistribution of leaks by intent occurs because, as information security tools (including DLP solutions) spread, accidental leaks are detected more and more often, while detecting malicious leaks requires more expensive countermeasures, InfoWatch explained.
Most information leaks involve personal data: this kind of information leaked in 92% of cases. More than 767 million personal data records were compromised through errors or deliberate actions of internal violators and through external attacks.
Among the trends of 2014, InfoWatch analysts single out a large number of "mega-leaks" of more than 10 million leaked personal data records. Thus 14 "mega-leaks" compromised more than 683 million records, 89% of the total volume of leaked personal data. In addition, more than 30 cases were recorded in which the volume of personal data compromised by a leak exceeded 1 million records.
Source: InfoWatch, 2015
Fraud known as identity fraud also became widespread. Nearly three quarters of personal data leaks are connected with "identity fraud": the stolen information was used in fraudulent schemes, with criminals taking out loans and claiming tax deductions using other people's data.
Most leaks in 2014 occurred through three main channels: the Internet (35%), paper documents (18%) and theft or loss of equipment (16%). Deliberate leaks most often happen over the Internet, and accidental ones as a result of loss or theft of equipment.
In 2014 the share of state companies from which information leaked was cut almost by half, while the share of commercial organizations that fell victim to such incidents grew. Leaks were recorded most often in medicine (25%) and most rarely in municipal authorities (2%). By volume of compromised records, the banking sector leads with 41%. Personal data specifically most often leaks from hi-tech companies (including Internet services), state agencies, and medical and trade institutions.
Most leaks (52%) at large companies are deliberate, and most leaks (57%) at medium-sized companies are accidental. Nevertheless, the share of personal data leaks in SMB is significantly higher than in the large-company segment: 71% against 24%. This shows that the data protection problem in small companies is still unresolved, InfoWatch believes.
InfoWatch's global research on leaks of confidential information also ranks the positions of company staff who allowed confidential information to be stolen. The responsible party could not be identified in only 13% of cases.
Source: InfoWatch, 2015
In its annual research InfoWatch names the USA as the leader in leaks in 2014 (906, or 65% of the total number of incidents). Russia, according to InfoWatch, takes second place (167 leaks), as it did at the end of 2013. Great Britain is in third place (85 leaks).
Source: InfoWatch, 2015
According to Valentin Krokhin, marketing director of Rostelecom-Solar (formerly Solar Security), the systems "most interesting" to hackers are those that handle the largest amounts of data or financial resources. This is why American and European companies are attacked most often.
According to EY's annual report, in Russia employees' lack of awareness of information security issues is the main cause of vulnerabilities in corporate information systems. Social networks pose the least threat to corporations.
As elsewhere in the world, attacks on Russian enterprises are carried out solely to "earn" money. According to Sergey Hayruk, an analyst at InfoWatch, most cybercriminals "pushed" ideological motives into the background long ago: malefactors have worked and will continue to work for material gain. Of course, if a state pays more for an attack on a neighbor, hackers will most likely agree.
Zecurion: 37 public cases of information leak
According to Zecurion Analytics, 37 public cases of information leaks were registered in Russia in 2014. Among the most high-profile: the compromised database of millions of users of the mail services Yandex.Mail, Mail.ru and Gmail; the theft of more than 70 million rubles from customer accounts at several Russian banks; the use of client data and theft of 2 million rubles by employees of the bank May Day; and the leak of passwords to the prime minister's accounts.