Government, education sectors suffer more than half of all data leaks in ME

Local government agencies and educational institutions in the Middle East experienced 36% and 20% of all confidential data leaks, respectively, according to the latest survey by InfoWatch. According to the InfoWatch Analytical Centre, the regional figures, covering the period from July 1, 2017, through June 30, 2018, were twice as many as the worldwide average.

While 66% of all global incidents over the reporting period affected personal data, the majority (over 38%) of Middle Eastern data breaches compromised trade secrets and know how, with personal data in the region leaked in less than 30% of cases.

"The difference between global and regional leak breakdowns by data type is largely due to political and economic landscapes of the Middle East," said Kristina Tantsyura, InfoWatch Group's business development director for Middle East and InfoWatch Gulf's CEO. "Countries’ specifics and possible tensions among Gulf states have a significant effect here. The Middle East countries see public uproar when information of political or technological value is compromised as a result of either external attacks on government agencies and manufacturing enterprises or malicious and negligent actions by their employees."

While two thirds of all leaks from the Middle East companies was caused by external intruders, almost the same share worldwide (63%) was attributed to internal offenders.

"Internally-triggered leaks are just as dangerous for the Middle East as external ones, despite their relatively small share here," said Kristina Tantsyura. "Internal data breaches in the region were mostly of malicious nature and often compromised extremely sensitive data, leading to severe consequences, even damage to national defence capability."

One in five incidents in the Middle East was caused by non-privileged, rank-and-file employees, while top managers were at fault 2.5 times more often than globally.

While the network channel was used in the majority of enterprise data leaks over the period both worldwide and in the Middle East, there is a big difference in local and global leak breakdown by channel. The shares of leaks through mobile devices and instant messengers in the Middle East were more than three and almost four times larger than global figures, respectively.

"The analysis of publicly available cases shows that government agencies and most businesses in the Middle East lack reliable tools to protect themselves against both external and internal leaks," noted Kristina Tantsyura. "To prevent sensitive data breaches, Middle East companies need to reconsider their security approach in terms of both information handling and use of particular external and insider threat protection tools that should combine Data Loss Prevention (DLP) with, say, User and Entity Behaviour Analytics (UEBA) technology, which analyses enterprise information flows and uses machine learning-based models to predict cybersecurity risks."

The report relies on the InfoWatch Analytical Centre's own database that aggregates publicly reported data leaks, which hit profit and non-profit (public, municipal) organisations and resulted from malicious or negligent actions by employees or criminals from the outside.