Data leaks and shadow assets greatly exposing organizations to cyberattacks

CybelAngel published a research revealing that data leaks and shadow assets are the greatest source of exposure to cyberattacks faced by large organizations across the globe. The report also highlights how the market pressures of 2021 led to an increase of such risks, with cloud storage leaks increasing by 150% compared to 2020.   

Based on data from a sample group of customers, the research report reveals that data leak incidents increased, overall, by 63% and vulnerable shadow assets exposure grew by 40% in 2021. This is evidence of organizations’ ever-increasing digital footprint and the expanding attack surface of today’s connected enterprises.   

Source code data leaks rise by two-thirds between 2020 and 2021

Labour shortages among developers led to greater outsourcing of development projects, with 86%2 of hiring managers and technical recruiters now finding it a challenge to hire developers. At the same time, the acceleration of digital transformation meant that more development projects were needed, with a 47%3 increase in new public repositories created on GitHub between 2020 and 2021.  

The increase in outsourced development projects led to a 66% increase in source code leaks. The final quarter of 2021 saw a massive 117% jump in the number of GitHub incident reports sent to CybelAngel’s sample group of customers, compared to the previous quarter. 

Increase in ‘major risks’ from credentials leaks

The digital risks caused by exposed credentials continued to plague cybersecurity, including account takeover, credential stuffing, network infiltration, and ransomware attacks. In the sample group of companies, exposed credentials accounted for 25% of all incident reports sent.

One of the most significant findings was that the severity of exposed credential incidents has changed dramatically with a 50% increase in the number of ‘major‘ incidents, defined as those having the potential to interrupt business operations as a result of account takeover.  

Cloud storage leaks increasing 150% year-on-year

As digital transformation continued following the work-at-home revolution, incidents of cloud storage leaking proprietary data, or confidential information, grew by 150% year-over-year.  

40% growth in shadow IT incidents in H2 2021

With the increasing prevalence in cloud adoption, and the ease with which applications and services can be used without the sanction of IT departments, the number of vulnerable shadow assets grew by 40% over H2 2021. 17% of shadow asset incidents sent to CybelAngel customers across 2021 were rated ‘major’ or ‘critical’. 

Commenting on the findings, Pauline Losson, Cyber Operations Director at CybelAngel and Head Researcher on the report said: “The report pulls into sharp focus the security impact of digital risks that have occurred following the seismic changes in the world of work. 

“The huge growth in cloud adoption and organizations’ increasing reliance on outsourcing development work means that all risks are, in effect, moving to the cloud. The idea of securing the perimeter is no longer tenable. Organizations are facing systemic cyber risks, driven by sophisticated criminal groups exploiting the fact that external threats are reaching a level of unavoidable risk. 

“The good news for organizations is that, if dealt with early, each of the threats identified in the report can be remediated relatively quickly and at low cost. The key is visibility and speed in order to locate all exposed assets pertaining to an organization’s attack surface before they are breached by malicious actors. As risks change each day, organizations need to be ready to respond through continuous monitoring.”